154100x800000000000000011814Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:42:12.754{C36AC009-4DA4-65F0-DA27-000000005403}5096C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011813Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:42:11.988{C36AC009-4DA3-65F0-D927-000000005403}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011812Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:42:11.236{C36AC009-4DA3-65F0-D827-000000005403}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011811Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:42:10.469{C36AC009-4DA2-65F0-D727-000000005403}2620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011810Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:42:09.719{C36AC009-4DA1-65F0-D627-000000005403}4336C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011809Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:41:12.733{C36AC009-4D68-65F0-D527-000000005403}3408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011808Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:41:11.981{C36AC009-4D67-65F0-D427-000000005403}3824C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011807Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:41:11.231{C36AC009-4D67-65F0-D327-000000005403}2164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011806Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:41:10.464{C36AC009-4D66-65F0-D227-000000005403}2080C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011805Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:41:09.712{C36AC009-4D65-65F0-D127-000000005403}2056C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011804Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:40:12.591{C36AC009-4D2C-65F0-D027-000000005403}1180C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011803Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:40:11.841{C36AC009-4D2B-65F0-CF27-000000005403}4712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011802Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:40:11.076{C36AC009-4D2B-65F0-CE27-000000005403}4924C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011801Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:40:10.477{C36AC009-4D2A-65F0-CD27-000000005403}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011800Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:40:09.712{C36AC009-4D29-65F0-CC27-000000005403}4328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011799Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:39:13.053{C36AC009-4CF1-65F0-CB27-000000005403}4620C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011798Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:39:13.012{C36AC009-4CF1-65F0-CA27-000000005403}172C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011797Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:39:12.977{C36AC009-4CF0-65F0-C927-000000005403}2948C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011796Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:39:12.912{C36AC009-4CF0-65F0-C727-000000005403}2504C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011795Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:39:12.734{C36AC009-4CF0-65F0-C627-000000005403}5108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011794Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:39:11.981{C36AC009-4CEF-65F0-C527-000000005403}5112C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011793Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:39:11.228{C36AC009-4CEF-65F0-C427-000000005403}5000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011792Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:39:10.478{C36AC009-4CEE-65F0-C327-000000005403}3876C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011791Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:39:09.709{C36AC009-4CED-65F0-C227-000000005403}4324C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011790Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:38:12.720{C36AC009-4CB4-65F0-C127-000000005403}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011789Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:38:11.970{C36AC009-4CB3-65F0-C027-000000005403}4176C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011788Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:38:11.220{C36AC009-4CB3-65F0-BF27-000000005403}588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011787Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:38:10.462{C36AC009-4CB2-65F0-BE27-000000005403}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011786Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:38:09.697{C36AC009-4CB1-65F0-BD27-000000005403}5052C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011785Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:37:12.546{C36AC009-4C78-65F0-BC27-000000005403}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011784Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:37:11.796{C36AC009-4C77-65F0-BB27-000000005403}3600C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011783Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:37:11.046{C36AC009-4C77-65F0-BA27-000000005403}2156C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011782Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:37:10.451{C36AC009-4C76-65F0-B927-000000005403}1412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011781Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:37:09.685{C36AC009-4C75-65F0-B827-000000005403}3456C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011780Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:36:12.718{C36AC009-4C3C-65F0-B727-000000005403}4652C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011779Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:36:11.968{C36AC009-4C3B-65F0-B627-000000005403}4688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011778Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:36:11.212{C36AC009-4C3B-65F0-B527-000000005403}4216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011777Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:36:10.442{C36AC009-4C3A-65F0-B427-000000005403}976C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011776Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:36:09.692{C36AC009-4C39-65F0-B327-000000005403}2100C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011775Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:35:12.687{C36AC009-4C00-65F0-B227-000000005403}4332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011774Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:35:11.931{C36AC009-4BFF-65F0-B127-000000005403}4308C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011773Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:35:11.176{C36AC009-4BFF-65F0-B027-000000005403}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011772Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:35:10.426{C36AC009-4BFE-65F0-AF27-000000005403}4440C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011771Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:35:09.670{C36AC009-4BFD-65F0-AE27-000000005403}3152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011770Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:34:13.040{C36AC009-4BC5-65F0-AD27-000000005403}3616C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011769Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:34:12.999{C36AC009-4BC4-65F0-AC27-000000005403}848C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011768Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:34:12.964{C36AC009-4BC4-65F0-AB27-000000005403}2456C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011767Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:34:12.899{C36AC009-4BC4-65F0-A927-000000005403}4464C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011766Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:34:12.658{C36AC009-4BC4-65F0-A827-000000005403}2308C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011765Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:34:11.893{C36AC009-4BC3-65F0-A727-000000005403}4952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011764Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:34:11.130{C36AC009-4BC3-65F0-A627-000000005403}876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011763Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:34:10.411{C36AC009-4BC2-65F0-A527-000000005403}3668C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011762Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:34:09.661{C36AC009-4BC1-65F0-A427-000000005403}1488C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011761Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:33:12.511{C36AC009-4B88-65F0-A327-000000005403}1016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011760Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:33:11.885{C36AC009-4B87-65F0-A227-000000005403}3264C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011759Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:33:11.135{C36AC009-4B87-65F0-A127-000000005403}4124C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011758Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:33:10.388{C36AC009-4B86-65F0-A027-000000005403}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011757Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:33:09.638{C36AC009-4B85-65F0-9F27-000000005403}764C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011756Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:32:12.485{C36AC009-4B4C-65F0-9E27-000000005403}3372C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011755Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:32:11.891{C36AC009-4B4B-65F0-9D27-000000005403}4916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011754Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:32:11.133{C36AC009-4B4B-65F0-9C27-000000005403}3004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011753Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:32:10.376{C36AC009-4B4A-65F0-9B27-000000005403}3008C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011752Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:32:09.635{C36AC009-4B49-65F0-9A27-000000005403}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011751Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:31:12.658{C36AC009-4B10-65F0-9927-000000005403}424C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011750Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:31:11.900{C36AC009-4B0F-65F0-9827-000000005403}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011749Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:31:11.142{C36AC009-4B0F-65F0-9727-000000005403}1568C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011748Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:31:10.392{C36AC009-4B0E-65F0-9627-000000005403}4688C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011747Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:31:09.634{C36AC009-4B0D-65F0-9527-000000005403}1132C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011746Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:30:12.559{C36AC009-4AD4-65F0-9427-000000005403}4956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011745Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:30:11.894{C36AC009-4AD3-65F0-9327-000000005403}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011744Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:30:11.144{C36AC009-4AD3-65F0-9227-000000005403}3368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011743Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:30:10.385{C36AC009-4AD2-65F0-9127-000000005403}1952C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011742Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:30:09.627{C36AC009-4AD1-65F0-9027-000000005403}2476C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011741Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:29:13.035{C36AC009-4A99-65F0-8F27-000000005403}1968C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011740Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:29:12.996{C36AC009-4A98-65F0-8E27-000000005403}4432C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011739Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:29:12.960{C36AC009-4A98-65F0-8D27-000000005403}5088C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011738Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:29:12.894{C36AC009-4A98-65F0-8B27-000000005403}5068C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011737Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:29:12.605{C36AC009-4A98-65F0-8A27-000000005403}3032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011736Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:29:11.877{C36AC009-4A97-65F0-8927-000000005403}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011735Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:29:11.127{C36AC009-4A97-65F0-8827-000000005403}4552C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011734Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:29:10.383{C36AC009-4A96-65F0-8727-000000005403}3516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011733Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:29:09.624{C36AC009-4A95-65F0-8627-000000005403}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011731Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:28:12.632{C36AC009-4A5C-65F0-8527-000000005403}2464C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011730Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:28:11.882{C36AC009-4A5B-65F0-8427-000000005403}1016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011729Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:28:11.128{C36AC009-4A5B-65F0-8327-000000005403}3660C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011728Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:28:10.378{C36AC009-4A5A-65F0-8227-000000005403}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011727Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:28:09.602{C36AC009-4A59-65F0-8127-000000005403}1180C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011726Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:27:12.591{C36AC009-4A20-65F0-8027-000000005403}4768C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011725Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:27:11.841{C36AC009-4A1F-65F0-7F27-000000005403}4372C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011724Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:27:11.091{C36AC009-4A1F-65F0-7E27-000000005403}924C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011723Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:27:10.344{C36AC009-4A1E-65F0-7D27-000000005403}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011722Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:27:09.594{C36AC009-4A1D-65F0-7C27-000000005403}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011721Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:26:12.557{C36AC009-49E4-65F0-7B27-000000005403}3192C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011720Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:26:11.874{C36AC009-49E3-65F0-7A27-000000005403}1488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011719Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:26:11.108{C36AC009-49E3-65F0-7927-000000005403}4496C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011718Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:26:10.362{C36AC009-49E2-65F0-7827-000000005403}4260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011717Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:26:09.601{C36AC009-49E1-65F0-7727-000000005403}1568C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011716Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:25:12.508{C36AC009-49A8-65F0-7627-000000005403}5020C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011715Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:25:11.840{C36AC009-49A7-65F0-7527-000000005403}3568C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011714Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:25:11.090{C36AC009-49A7-65F0-7427-000000005403}2236C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011713Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:25:10.345{C36AC009-49A6-65F0-7327-000000005403}3772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011712Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:25:09.595{C36AC009-49A5-65F0-7227-000000005403}1044C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011711Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:24:13.032{C36AC009-496D-65F0-7127-000000005403}3648C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011710Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:24:12.992{C36AC009-496C-65F0-7027-000000005403}380C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011709Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:24:12.956{C36AC009-496C-65F0-6F27-000000005403}2504C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011708Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:24:12.891{C36AC009-496C-65F0-6D27-000000005403}1944C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011707Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:24:12.509{C36AC009-496C-65F0-6C27-000000005403}720C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011706Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:24:11.868{C36AC009-496B-65F0-6B27-000000005403}2908C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011705Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:24:11.103{C36AC009-496B-65F0-6A27-000000005403}5068C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011704Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:24:10.337{C36AC009-496A-65F0-6927-000000005403}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011703Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:24:09.592{C36AC009-4969-65F0-6827-000000005403}3100C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011702Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:23:12.639{C36AC009-4930-65F0-6627-000000005403}4864C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011701Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:23:11.873{C36AC009-492F-65F0-6527-000000005403}696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011700Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:23:11.110{C36AC009-492F-65F0-6427-000000005403}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011699Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:23:10.347{C36AC009-492E-65F0-6327-000000005403}3804C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011698Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:23:09.597{C36AC009-492D-65F0-6227-000000005403}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011697Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:22:12.424{C36AC009-48F4-65F0-6127-000000005403}3120C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011696Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:22:11.674{C36AC009-48F3-65F0-6027-000000005403}4512C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011695Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:22:10.924{C36AC009-48F2-65F0-5F27-000000005403}92C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011694Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:22:10.332{C36AC009-48F2-65F0-5E27-000000005403}2392C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011693Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:22:09.569{C36AC009-48F1-65F0-5D27-000000005403}2076C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011692Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:21:12.585{C36AC009-48B8-65F0-5C27-000000005403}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011691Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:21:11.819{C36AC009-48B7-65F0-5B27-000000005403}4324C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011690Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:21:11.055{C36AC009-48B7-65F0-5A27-000000005403}4984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011689Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:21:10.322{C36AC009-48B6-65F0-5927-000000005403}4860C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011688Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:21:09.556{C36AC009-48B5-65F0-5827-000000005403}664C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011687Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:20:12.512{C36AC009-487C-65F0-5727-000000005403}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011686Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:20:11.809{C36AC009-487B-65F0-5627-000000005403}3576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011685Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:20:11.059{C36AC009-487B-65F0-5527-000000005403}4400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011684Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:20:10.310{C36AC009-487A-65F0-5427-000000005403}5116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011683Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:20:09.545{C36AC009-4879-65F0-5327-000000005403}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011682Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:19:13.030{C36AC009-4841-65F0-5227-000000005403}2392C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011681Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:19:12.990{C36AC009-4840-65F0-5127-000000005403}4640C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011680Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:19:12.954{C36AC009-4840-65F0-5027-000000005403}4620C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011679Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:19:12.889{C36AC009-4840-65F0-4E27-000000005403}172C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011678Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:19:12.491{C36AC009-4840-65F0-4D27-000000005403}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011677Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:19:11.819{C36AC009-483F-65F0-4C27-000000005403}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011676Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:19:11.054{C36AC009-483F-65F0-4B27-000000005403}1868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011675Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:19:10.288{C36AC009-483E-65F0-4A27-000000005403}3776C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011674Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:19:09.523{C36AC009-483D-65F0-4927-000000005403}1944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011673Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:18:12.488{C36AC009-4804-65F0-4827-000000005403}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011672Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:18:11.784{C36AC009-4803-65F0-4727-000000005403}4216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011671Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:18:11.034{C36AC009-4803-65F0-4627-000000005403}3452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011670Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:18:10.267{C36AC009-4802-65F0-4527-000000005403}296C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011669Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:18:09.517{C36AC009-4801-65F0-4427-000000005403}3668C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011668Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:17:12.461{C36AC009-47C8-65F0-4327-000000005403}2476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011667Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:17:11.695{C36AC009-47C7-65F0-4227-000000005403}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011666Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:17:10.930{C36AC009-47C6-65F0-4127-000000005403}3988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011665Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:17:10.257{C36AC009-47C6-65F0-4027-000000005403}4980C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011664Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:17:09.506{C36AC009-47C5-65F0-3F27-000000005403}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011663Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:16:12.447{C36AC009-478C-65F0-3E27-000000005403}1944C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011662Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:16:11.681{C36AC009-478B-65F0-3D27-000000005403}2456C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011661Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:16:10.930{C36AC009-478A-65F0-3C27-000000005403}4244C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011660Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:16:10.241{C36AC009-478A-65F0-3B27-000000005403}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011659Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:16:09.491{C36AC009-4789-65F0-3A27-000000005403}3100C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011658Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:15:12.399{C36AC009-4750-65F0-3927-000000005403}2732C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011657Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:15:11.742{C36AC009-474F-65F0-3827-000000005403}892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011656Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:15:10.990{C36AC009-474E-65F0-3727-000000005403}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011655Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:15:10.222{C36AC009-474E-65F0-3627-000000005403}3052C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011654Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:15:09.472{C36AC009-474D-65F0-3527-000000005403}3660C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011653Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:14:13.016{C36AC009-4715-65F0-3427-000000005403}1096C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011652Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:14:12.976{C36AC009-4714-65F0-3327-000000005403}4448C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011651Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:14:12.939{C36AC009-4714-65F0-3227-000000005403}4344C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011650Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:14:12.873{C36AC009-4714-65F0-3027-000000005403}2300C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011649Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:14:12.396{C36AC009-4714-65F0-2F27-000000005403}4524C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011648Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:14:11.753{C36AC009-4713-65F0-2E27-000000005403}3816C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011647Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:14:10.984{C36AC009-4712-65F0-2D27-000000005403}3352C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011646Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:14:10.219{C36AC009-4712-65F0-2C27-000000005403}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011645Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:14:09.466{C36AC009-4711-65F0-2B27-000000005403}4888C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011644Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:13:12.458{C36AC009-46D8-65F0-2A27-000000005403}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011643Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:13:11.720{C36AC009-46D7-65F0-2927-000000005403}3460C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011642Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:13:10.967{C36AC009-46D6-65F0-2827-000000005403}2192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011641Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:13:10.213{C36AC009-46D6-65F0-2727-000000005403}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011640Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:13:09.448{C36AC009-46D5-65F0-2627-000000005403}3396C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011639Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:12:12.340{C36AC009-469C-65F0-2527-000000005403}4900C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011638Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:12:11.587{C36AC009-469B-65F0-2427-000000005403}2828C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011637Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:12:10.822{C36AC009-469A-65F0-2327-000000005403}4920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011636Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:12:10.208{C36AC009-469A-65F0-2227-000000005403}2336C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011635Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:12:09.454{C36AC009-4699-65F0-2127-000000005403}708C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011634Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:11:12.328{C36AC009-4660-65F0-2027-000000005403}2268C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011633Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:11:11.734{C36AC009-465F-65F0-1F27-000000005403}4184C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011632Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:11:10.974{C36AC009-465E-65F0-1E27-000000005403}4292C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011631Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:11:10.220{C36AC009-465E-65F0-1D27-000000005403}4432C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011630Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:11:09.454{C36AC009-465D-65F0-1C27-000000005403}880C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011629Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:10:12.467{C36AC009-4624-65F0-1B27-000000005403}4476C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011628Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:10:11.712{C36AC009-4623-65F0-1A27-000000005403}1732C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011627Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:10:10.969{C36AC009-4622-65F0-1927-000000005403}1600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011626Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:10:10.218{C36AC009-4622-65F0-1827-000000005403}4112C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011625Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:10:09.447{C36AC009-4621-65F0-1727-000000005403}3452C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011624Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:09:13.007{C36AC009-45E9-65F0-1627-000000005403}368C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011623Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:09:12.966{C36AC009-45E8-65F0-1527-000000005403}2336C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011622Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:09:12.930{C36AC009-45E8-65F0-1427-000000005403}4436C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011621Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:09:12.864{C36AC009-45E8-65F0-1227-000000005403}4492C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011620Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:09:12.353{C36AC009-45E8-65F0-1127-000000005403}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011619Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:09:11.703{C36AC009-45E7-65F0-1027-000000005403}3088C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011618Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:09:10.948{C36AC009-45E6-65F0-0F27-000000005403}3484C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011617Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:09:10.177{C36AC009-45E6-65F0-0E27-000000005403}3292C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011616Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:09:09.437{C36AC009-45E5-65F0-0D27-000000005403}3608C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011615Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:08:12.310{C36AC009-45AC-65F0-0C27-000000005403}3044C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011614Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:08:11.556{C36AC009-45AB-65F0-0B27-000000005403}1488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011613Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:08:10.814{C36AC009-45AA-65F0-0A27-000000005403}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011612Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:08:10.169{C36AC009-45AA-65F0-0927-000000005403}5056C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011611Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:08:09.422{C36AC009-45A9-65F0-0827-000000005403}3540C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011609Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:07:12.467{C36AC009-4570-65F0-0627-000000005403}1036C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011608Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:07:11.702{C36AC009-456F-65F0-0527-000000005403}2192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011607Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:07:10.936{C36AC009-456E-65F0-0427-000000005403}4124C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011606Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:07:10.180{C36AC009-456E-65F0-0327-000000005403}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011605Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:07:09.420{C36AC009-456D-65F0-0227-000000005403}1088C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011604Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:06:12.425{C36AC009-4534-65F0-0127-000000005403}4284C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011603Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:06:11.675{C36AC009-4533-65F0-0027-000000005403}3628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011602Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:06:10.918{C36AC009-4532-65F0-FF26-000000005403}4548C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011601Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:06:10.168{C36AC009-4532-65F0-FE26-000000005403}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011600Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:06:09.403{C36AC009-4531-65F0-FD26-000000005403}328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011599Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:05:12.285{C36AC009-44F8-65F0-FC26-000000005403}3624C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011598Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:05:11.644{C36AC009-44F7-65F0-FB26-000000005403}4020C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011597Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:05:10.901{C36AC009-44F6-65F0-FA26-000000005403}4556C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011596Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:05:10.135{C36AC009-44F6-65F0-F926-000000005403}4900C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011595Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:05:09.385{C36AC009-44F5-65F0-F826-000000005403}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011594Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:04:12.987{C36AC009-44BC-65F0-F726-000000005403}3372C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011593Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:04:12.948{C36AC009-44BC-65F0-F626-000000005403}2196C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011592Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:04:12.911{C36AC009-44BC-65F0-F526-000000005403}3780C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011591Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:04:12.848{C36AC009-44BC-65F0-F326-000000005403}3236C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011590Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:04:12.311{C36AC009-44BC-65F0-F226-000000005403}4524C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011589Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:04:11.552{C36AC009-44BB-65F0-F126-000000005403}4640C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011588Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:04:10.793{C36AC009-44BA-65F0-F026-000000005403}2992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011587Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:04:10.152{C36AC009-44BA-65F0-EF26-000000005403}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011586Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:04:09.388{C36AC009-44B9-65F0-EE26-000000005403}724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011585Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:03:12.379{C36AC009-4480-65F0-ED26-000000005403}1020C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011584Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:03:11.629{C36AC009-447F-65F0-EC26-000000005403}2732C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011583Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:03:10.870{C36AC009-447E-65F0-EB26-000000005403}2936C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011582Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:03:10.120{C36AC009-447E-65F0-EA26-000000005403}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011581Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:03:09.376{C36AC009-447D-65F0-E926-000000005403}4568C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011580Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:02:12.376{C36AC009-4444-65F0-E826-000000005403}944C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011579Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:02:11.626{C36AC009-4443-65F0-E726-000000005403}4196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011578Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:02:10.876{C36AC009-4442-65F0-E626-000000005403}4672C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011577Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:02:10.123{C36AC009-4442-65F0-E526-000000005403}3132C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011576Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:02:09.373{C36AC009-4441-65F0-E426-000000005403}3608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011575Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:01:12.407{C36AC009-4408-65F0-E326-000000005403}4324C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011574Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:01:11.657{C36AC009-4407-65F0-E226-000000005403}4064C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011573Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:01:10.882{C36AC009-4406-65F0-E126-000000005403}4240C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011572Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:01:10.121{C36AC009-4406-65F0-E026-000000005403}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011571Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:01:09.355{C36AC009-4405-65F0-DF26-000000005403}4792C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011570Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:00:12.308{C36AC009-43CC-65F0-DE26-000000005403}4356C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011569Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:00:11.542{C36AC009-43CB-65F0-DD26-000000005403}1180C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011568Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:00:10.781{C36AC009-43CA-65F0-DC26-000000005403}2728C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011567Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:00:10.114{C36AC009-43CA-65F0-DB26-000000005403}4388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011566Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 12:00:09.348{C36AC009-43C9-65F0-DA26-000000005403}4484C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011565Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:59:12.975{C36AC009-4390-65F0-D826-000000005403}1056C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011564Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:59:12.936{C36AC009-4390-65F0-D726-000000005403}976C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011563Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:59:12.899{C36AC009-4390-65F0-D626-000000005403}924C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011562Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:59:12.834{C36AC009-4390-65F0-D426-000000005403}3008C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011561Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:59:12.204{C36AC009-4390-65F0-D326-000000005403}2888C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011560Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:59:11.454{C36AC009-438F-65F0-D226-000000005403}4620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011559Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:59:10.697{C36AC009-438E-65F0-D126-000000005403}4888C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011558Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:59:10.087{C36AC009-438E-65F0-D026-000000005403}4184C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011557Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:59:09.337{C36AC009-438D-65F0-CF26-000000005403}2940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011556Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:58:12.217{C36AC009-4354-65F0-CE26-000000005403}4864C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011555Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:58:11.455{C36AC009-4353-65F0-CD26-000000005403}4392C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011554Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:58:10.693{C36AC009-4352-65F0-CC26-000000005403}4764C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011553Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:58:10.083{C36AC009-4352-65F0-CB26-000000005403}2104C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011552Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:58:09.317{C36AC009-4351-65F0-CA26-000000005403}3356C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011551Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:57:12.329{C36AC009-4318-65F0-C926-000000005403}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011550Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:57:11.579{C36AC009-4317-65F0-C826-000000005403}4964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011549Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:57:10.829{C36AC009-4316-65F0-C726-000000005403}4228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011548Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:57:10.066{C36AC009-4316-65F0-C626-000000005403}2196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011547Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:57:09.303{C36AC009-4315-65F0-C526-000000005403}4136C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011546Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:56:12.330{C36AC009-42DC-65F0-C426-000000005403}876C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011545Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:56:11.570{C36AC009-42DB-65F0-C326-000000005403}2944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011544Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:56:10.808{C36AC009-42DA-65F0-C226-000000005403}4608C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011543Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:56:10.058{C36AC009-42DA-65F0-C126-000000005403}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011542Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:56:09.294{C36AC009-42D9-65F0-C026-000000005403}1984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011541Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:55:12.159{C36AC009-42A0-65F0-BF26-000000005403}4900C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011540Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:55:11.565{C36AC009-429F-65F0-BE26-000000005403}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011539Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:55:10.805{C36AC009-429E-65F0-BD26-000000005403}4388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011538Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:55:10.039{C36AC009-429E-65F0-BC26-000000005403}4484C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011537Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:55:09.289{C36AC009-429D-65F0-BB26-000000005403}4436C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011536Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:54:12.970{C36AC009-4264-65F0-BA26-000000005403}2392C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011535Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:54:12.930{C36AC009-4264-65F0-B926-000000005403}4948C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011534Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:54:12.894{C36AC009-4264-65F0-B826-000000005403}4928C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011533Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:54:12.829{C36AC009-4264-65F0-B626-000000005403}2156C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011532Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:54:12.231{C36AC009-4264-65F0-B526-000000005403}4668C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011531Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:54:11.559{C36AC009-4263-65F0-B426-000000005403}2164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011530Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:54:10.803{C36AC009-4262-65F0-B326-000000005403}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011529Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:54:10.039{C36AC009-4262-65F0-B226-000000005403}4624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011528Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:54:09.289{C36AC009-4261-65F0-B126-000000005403}1376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011527Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:53:12.290{C36AC009-4228-65F0-B026-000000005403}2732C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011526Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:53:11.526{C36AC009-4227-65F0-AF26-000000005403}3052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011525Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:53:10.764{C36AC009-4226-65F0-AE26-000000005403}4236C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011524Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:53:10.029{C36AC009-4226-65F0-AD26-000000005403}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011523Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:53:09.264{C36AC009-4225-65F0-AC26-000000005403}3576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011522Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:52:12.202{C36AC009-41EC-65F0-AB26-000000005403}1096C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011521Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:52:11.452{C36AC009-41EB-65F0-AA26-000000005403}4644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011520Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:52:10.712{C36AC009-41EA-65F0-A926-000000005403}4472C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011519Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:52:10.008{C36AC009-41EA-65F0-A826-000000005403}4112C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011518Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:52:09.258{C36AC009-41E9-65F0-A726-000000005403}1056C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011517Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:51:12.286{C36AC009-41B0-65F0-A626-000000005403}2088C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011516Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:51:11.535{C36AC009-41AF-65F0-A526-000000005403}876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011515Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:51:10.769{C36AC009-41AE-65F0-A426-000000005403}3460C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011514Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:51:10.014{C36AC009-41AE-65F0-A326-000000005403}4608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011513Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:51:09.247{C36AC009-41AD-65F0-A226-000000005403}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011512Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:50:12.211{C36AC009-4174-65F0-A126-000000005403}2828C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011511Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:50:11.461{C36AC009-4173-65F0-A026-000000005403}300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011510Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:50:10.710{C36AC009-4172-65F0-9F26-000000005403}4416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011509Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:50:09.992{C36AC009-4171-65F0-9E26-000000005403}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011508Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:50:09.242{C36AC009-4171-65F0-9D26-000000005403}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011507Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:49:12.961{C36AC009-4138-65F0-9C26-000000005403}924C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011506Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:49:12.921{C36AC009-4138-65F0-9B26-000000005403}4832C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011505Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:49:12.885{C36AC009-4138-65F0-9A26-000000005403}2948C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011504Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:49:12.820{C36AC009-4138-65F0-9826-000000005403}2352C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011503Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:49:12.140{C36AC009-4138-65F0-9726-000000005403}4444C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011502Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:49:11.528{C36AC009-4137-65F0-9626-000000005403}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011501Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:49:10.763{C36AC009-4136-65F0-9526-000000005403}4912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011500Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:49:09.997{C36AC009-4135-65F0-9426-000000005403}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011499Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:49:09.233{C36AC009-4135-65F0-9326-000000005403}5072C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011498Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:48:12.150{C36AC009-40FC-65F0-9226-000000005403}1960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011497Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:48:11.488{C36AC009-40FB-65F0-9126-000000005403}5008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011496Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:48:10.738{C36AC009-40FA-65F0-9026-000000005403}2056C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011495Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:48:09.985{C36AC009-40F9-65F0-8F26-000000005403}3052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011494Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:48:09.245{C36AC009-40F9-65F0-8E26-000000005403}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011493Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:47:12.009{C36AC009-40C0-65F0-8D26-000000005403}2444C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011492Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:47:11.381{C36AC009-40BF-65F0-8C26-000000005403}4964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011491Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:47:10.739{C36AC009-40BE-65F0-8B26-000000005403}4228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011490Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:47:09.986{C36AC009-40BD-65F0-8A26-000000005403}1272C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011489Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:47:09.232{C36AC009-40BD-65F0-8926-000000005403}4916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011488Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:46:12.238{C36AC009-4084-65F0-8826-000000005403}4892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011487Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:46:11.473{C36AC009-4083-65F0-8726-000000005403}380C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011486Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:46:10.715{C36AC009-4082-65F0-8626-000000005403}2012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011485Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:46:09.965{C36AC009-4081-65F0-8526-000000005403}4544C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011484Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:46:09.215{C36AC009-4081-65F0-8426-000000005403}3824C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011483Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:45:12.163{C36AC009-4048-65F0-8326-000000005403}4556C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011482Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:45:11.455{C36AC009-4047-65F0-8226-000000005403}856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011481Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:45:10.705{C36AC009-4046-65F0-8126-000000005403}2728C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011480Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:45:09.951{C36AC009-4045-65F0-8026-000000005403}1044C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011479Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:45:09.212{C36AC009-4045-65F0-7F26-000000005403}4380C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011478Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:44:12.959{C36AC009-400C-65F0-7E26-000000005403}1596C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011477Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:44:12.919{C36AC009-400C-65F0-7D26-000000005403}4400C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011476Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:44:12.884{C36AC009-400C-65F0-7C26-000000005403}924C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011475Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:44:12.818{C36AC009-400C-65F0-7A26-000000005403}4432C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011474Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:44:12.140{C36AC009-400C-65F0-7926-000000005403}2328C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011473Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:44:11.385{C36AC009-400B-65F0-7826-000000005403}3120C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011472Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:44:10.630{C36AC009-400A-65F0-7726-000000005403}1172C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011471Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:44:09.958{C36AC009-4009-65F0-7626-000000005403}4816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011470Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:44:09.203{C36AC009-4009-65F0-7526-000000005403}4628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011469Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:43:12.212{C36AC009-3FD0-65F0-7226-000000005403}1132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011468Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:43:11.462{C36AC009-3FCF-65F0-7126-000000005403}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011467Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:43:10.701{C36AC009-3FCE-65F0-7026-000000005403}2936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011466Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:43:09.951{C36AC009-3FCD-65F0-6F26-000000005403}372C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011465Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:43:09.201{C36AC009-3FCD-65F0-6E26-000000005403}5080C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011464Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:42:12.161{C36AC009-3F94-65F0-6D26-000000005403}4196C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011463Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:42:11.405{C36AC009-3F93-65F0-6C26-000000005403}4768C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011462Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:42:10.639{C36AC009-3F92-65F0-6B26-000000005403}1236C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011461Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:42:09.961{C36AC009-3F91-65F0-6A26-000000005403}216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011460Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:42:09.189{C36AC009-3F91-65F0-6926-000000005403}4212C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011459Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:41:12.212{C36AC009-3F58-65F0-6826-000000005403}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011458Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:41:11.455{C36AC009-3F57-65F0-6726-000000005403}4732C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011457Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:41:10.689{C36AC009-3F56-65F0-6626-000000005403}2812C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011456Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:41:09.932{C36AC009-3F55-65F0-6526-000000005403}380C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011455Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:41:09.175{C36AC009-3F55-65F0-6426-000000005403}1360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011454Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:40:12.009{C36AC009-3F1C-65F0-6326-000000005403}4108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011453Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:40:11.267{C36AC009-3F1B-65F0-6226-000000005403}1120C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011452Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:40:10.509{C36AC009-3F1A-65F0-6126-000000005403}3864C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011451Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:40:09.915{C36AC009-3F19-65F0-6026-000000005403}1412C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011450Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:40:09.173{C36AC009-3F19-65F0-5F26-000000005403}440C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011449Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:39:12.954{C36AC009-3EE0-65F0-5E26-000000005403}184C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011448Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:39:12.913{C36AC009-3EE0-65F0-5D26-000000005403}4112C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011447Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:39:12.877{C36AC009-3EE0-65F0-5C26-000000005403}3668C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011446Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:39:12.811{C36AC009-3EE0-65F0-5A26-000000005403}1776C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011445Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:39:12.211{C36AC009-3EE0-65F0-5926-000000005403}4400C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011444Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:39:11.445{C36AC009-3EDF-65F0-5826-000000005403}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011443Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:39:10.683{C36AC009-3EDE-65F0-5726-000000005403}4852C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011442Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:39:09.918{C36AC009-3EDD-65F0-5626-000000005403}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011441Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:39:09.168{C36AC009-3EDD-65F0-5526-000000005403}4712C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011440Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:38:12.039{C36AC009-3EA4-65F0-5426-000000005403}3408C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011439Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:38:11.452{C36AC009-3EA3-65F0-5326-000000005403}3396C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011438Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:38:10.702{C36AC009-3EA2-65F0-5226-000000005403}2344C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011437Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:38:09.943{C36AC009-3EA1-65F0-5126-000000005403}4144C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011436Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:38:09.178{C36AC009-3EA1-65F0-5026-000000005403}2904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011435Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:37:12.216{C36AC009-3E68-65F0-4F26-000000005403}4276C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011434Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:37:11.450{C36AC009-3E67-65F0-4E26-000000005403}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011433Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:37:10.691{C36AC009-3E66-65F0-4D26-000000005403}4724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011432Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:37:09.932{C36AC009-3E65-65F0-4C26-000000005403}972C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011431Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:37:09.166{C36AC009-3E65-65F0-4B26-000000005403}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011430Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:36:12.205{C36AC009-3E2C-65F0-4A26-000000005403}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011429Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:36:11.445{C36AC009-3E2B-65F0-4926-000000005403}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011428Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:36:10.679{C36AC009-3E2A-65F0-4826-000000005403}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011427Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:36:09.919{C36AC009-3E29-65F0-4726-000000005403}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011426Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:36:09.159{C36AC009-3E29-65F0-4626-000000005403}4588C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011425Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:35:12.082{C36AC009-3DF0-65F0-4526-000000005403}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011424Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:35:11.322{C36AC009-3DEF-65F0-4426-000000005403}4360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011423Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:35:10.556{C36AC009-3DEE-65F0-4326-000000005403}3824C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011422Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:35:09.921{C36AC009-3DED-65F0-4226-000000005403}2464C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011421Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:35:09.160{C36AC009-3DED-65F0-4126-000000005403}5052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011420Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:34:12.936{C36AC009-3DB4-65F0-4026-000000005403}1740C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011419Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:34:12.895{C36AC009-3DB4-65F0-3F26-000000005403}4344C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011418Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:34:12.858{C36AC009-3DB4-65F0-3E26-000000005403}2900C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011417Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:34:12.794{C36AC009-3DB4-65F0-3C26-000000005403}4644C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011416Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:34:12.163{C36AC009-3DB4-65F0-3B26-000000005403}4212C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011415Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:34:11.406{C36AC009-3DB3-65F0-3A26-000000005403}2808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011414Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:34:10.641{C36AC009-3DB2-65F0-3926-000000005403}2076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011413Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:34:09.906{C36AC009-3DB1-65F0-3826-000000005403}2816C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011412Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:34:09.149{C36AC009-3DB1-65F0-3726-000000005403}1756C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011411Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:33:12.031{C36AC009-3D78-65F0-3626-000000005403}4324C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011410Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:33:11.421{C36AC009-3D77-65F0-3526-000000005403}3768C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011409Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:33:10.659{C36AC009-3D76-65F0-3426-000000005403}4548C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011408Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:33:09.897{C36AC009-3D75-65F0-3326-000000005403}4148C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011407Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:33:09.147{C36AC009-3D75-65F0-3226-000000005403}1484C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011406Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:32:12.063{C36AC009-3D3C-65F0-3126-000000005403}3864C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011405Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:32:11.456{C36AC009-3D3B-65F0-3026-000000005403}2728C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011404Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:32:10.690{C36AC009-3D3A-65F0-2F26-000000005403}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011403Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:32:09.912{C36AC009-3D39-65F0-2E26-000000005403}4380C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011402Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:32:09.150{C36AC009-3D39-65F0-2D26-000000005403}3152C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011401Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:31:12.049{C36AC009-3D00-65F0-2A26-000000005403}1976C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011400Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:31:11.285{C36AC009-3CFF-65F0-2926-000000005403}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011399Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:31:10.522{C36AC009-3CFE-65F0-2826-000000005403}4284C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011398Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:31:09.897{C36AC009-3CFD-65F0-2726-000000005403}4460C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011397Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:31:09.134{C36AC009-3CFD-65F0-2626-000000005403}2496C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011396Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:30:12.061{C36AC009-3CC4-65F0-2526-000000005403}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011395Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:30:11.297{C36AC009-3CC3-65F0-2426-000000005403}2732C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011394Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:30:10.534{C36AC009-3CC2-65F0-2326-000000005403}4352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011393Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:30:09.878{C36AC009-3CC1-65F0-2226-000000005403}688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011392Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:30:09.114{C36AC009-3CC1-65F0-2126-000000005403}2104C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011391Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:29:12.932{C36AC009-3C88-65F0-2026-000000005403}4960C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011390Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:29:12.892{C36AC009-3C88-65F0-1F26-000000005403}3608C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011389Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:29:12.856{C36AC009-3C88-65F0-1E26-000000005403}92C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011388Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:29:12.791{C36AC009-3C88-65F0-1C26-000000005403}4136C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011387Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:29:12.162{C36AC009-3C88-65F0-1B26-000000005403}4372C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011386Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:29:11.400{C36AC009-3C87-65F0-1A26-000000005403}184C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011385Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:29:10.634{C36AC009-3C86-65F0-1926-000000005403}3492C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011384Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:29:09.869{C36AC009-3C85-65F0-1826-000000005403}2076C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011383Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:29:09.106{C36AC009-3C85-65F0-1726-000000005403}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011382Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:28:12.126{C36AC009-3C4C-65F0-1626-000000005403}4652C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011381Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:28:11.365{C36AC009-3C4B-65F0-1526-000000005403}3288C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011380Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:28:10.612{C36AC009-3C4A-65F0-1426-000000005403}3556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011379Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:28:09.862{C36AC009-3C49-65F0-1326-000000005403}4168C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011378Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:28:09.096{C36AC009-3C49-65F0-1226-000000005403}5008C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011377Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:27:11.981{C36AC009-3C0F-65F0-1126-000000005403}5112C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011376Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:27:11.356{C36AC009-3C0F-65F0-1026-000000005403}1956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011375Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:27:10.605{C36AC009-3C0E-65F0-0F26-000000005403}3004C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011374Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:27:09.844{C36AC009-3C0D-65F0-0E26-000000005403}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011373Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:27:09.097{C36AC009-3C0D-65F0-0D26-000000005403}4256C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011372Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:26:12.028{C36AC009-3BD4-65F0-0C26-000000005403}2496C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011371Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:26:11.278{C36AC009-3BD3-65F0-0B26-000000005403}3332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011370Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:26:10.512{C36AC009-3BD2-65F0-0A26-000000005403}3476C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011369Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:26:09.840{C36AC009-3BD1-65F0-0926-000000005403}1124C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011368Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:26:09.088{C36AC009-3BD1-65F0-0826-000000005403}2976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011367Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:25:12.089{C36AC009-3B98-65F0-0726-000000005403}3584C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011366Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:25:11.322{C36AC009-3B97-65F0-0626-000000005403}4188C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011365Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:25:10.572{C36AC009-3B96-65F0-0526-000000005403}2172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011364Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:25:09.821{C36AC009-3B95-65F0-0426-000000005403}4756C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011363Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:25:09.070{C36AC009-3B95-65F0-0326-000000005403}4408C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011362Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:24:12.915{C36AC009-3B5C-65F0-0226-000000005403}4808C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011361Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:24:12.874{C36AC009-3B5C-65F0-0126-000000005403}3492C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011360Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:24:12.837{C36AC009-3B5C-65F0-0026-000000005403}3236C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011359Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:24:12.772{C36AC009-3B5C-65F0-FE25-000000005403}2376C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011358Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:24:12.094{C36AC009-3B5C-65F0-FD25-000000005403}4456C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011357Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:24:11.327{C36AC009-3B5B-65F0-FC25-000000005403}5012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011356Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:24:10.575{C36AC009-3B5A-65F0-FB25-000000005403}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011355Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:24:09.809{C36AC009-3B59-65F0-FA25-000000005403}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011354Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:24:09.057{C36AC009-3B59-65F0-F925-000000005403}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011353Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:23:12.075{C36AC009-3B20-65F0-F825-000000005403}2732C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011352Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:23:11.325{C36AC009-3B1F-65F0-F725-000000005403}3052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011351Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:23:10.559{C36AC009-3B1E-65F0-F625-000000005403}3844C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011350Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:23:09.804{C36AC009-3B1D-65F0-F525-000000005403}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011349Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:23:09.038{C36AC009-3B1D-65F0-F425-000000005403}2984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011348Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:22:12.024{C36AC009-3AE4-65F0-F125-000000005403}3972C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011347Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:22:11.271{C36AC009-3AE3-65F0-F025-000000005403}1596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011346Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:22:10.518{C36AC009-3AE2-65F0-EF25-000000005403}1016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011345Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:22:09.768{C36AC009-3AE1-65F0-EE25-000000005403}4764C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011344Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:22:09.018{C36AC009-3AE1-65F0-ED25-000000005403}5020C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011343Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:21:11.981{C36AC009-3AA7-65F0-EC25-000000005403}3408C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011342Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:21:11.212{C36AC009-3AA7-65F0-EB25-000000005403}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011341Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:21:10.445{C36AC009-3AA6-65F0-EA25-000000005403}2344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011340Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:21:09.772{C36AC009-3AA5-65F0-E925-000000005403}2908C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011339Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:21:09.003{C36AC009-3AA5-65F0-E825-000000005403}3060C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011338Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:20:11.990{C36AC009-3A6B-65F0-E725-000000005403}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011337Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:20:11.236{C36AC009-3A6B-65F0-E625-000000005403}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011336Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:20:10.482{C36AC009-3A6A-65F0-E525-000000005403}4820C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011335Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:20:09.747{C36AC009-3A69-65F0-E425-000000005403}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011334Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:20:08.994{C36AC009-3A68-65F0-E325-000000005403}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011333Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:19:12.909{C36AC009-3A30-65F0-E225-000000005403}1756C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011332Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:19:12.871{C36AC009-3A30-65F0-E125-000000005403}3660C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011331Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:19:12.834{C36AC009-3A30-65F0-E025-000000005403}4432C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011330Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:19:12.769{C36AC009-3A30-65F0-DE25-000000005403}2040C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011329Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:19:11.878{C36AC009-3A2F-65F0-DD25-000000005403}4448C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011328Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:19:11.220{C36AC009-3A2F-65F0-DC25-000000005403}3332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011327Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:19:10.470{C36AC009-3A2E-65F0-DB25-000000005403}4524C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011326Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:19:09.727{C36AC009-3A2D-65F0-DA25-000000005403}4888C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011325Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:19:08.977{C36AC009-3A2C-65F0-D925-000000005403}3192C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011324Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:18:11.965{C36AC009-39F3-65F0-D825-000000005403}1412C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011323Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:18:11.195{C36AC009-39F3-65F0-D725-000000005403}4188C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011322Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:18:10.439{C36AC009-39F2-65F0-D625-000000005403}4380C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011321Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:18:09.720{C36AC009-39F1-65F0-D525-000000005403}4440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011320Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:18:08.954{C36AC009-39F0-65F0-D425-000000005403}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011319Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:17:11.980{C36AC009-39B7-65F0-D325-000000005403}3484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011318Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:17:11.230{C36AC009-39B7-65F0-D225-000000005403}4236C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011317Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:17:10.458{C36AC009-39B6-65F0-D125-000000005403}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011316Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:17:09.702{C36AC009-39B5-65F0-D025-000000005403}1976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011315Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:17:08.952{C36AC009-39B4-65F0-CF25-000000005403}1876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011314Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:16:11.953{C36AC009-397B-65F0-CE25-000000005403}3788C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011313Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:16:11.202{C36AC009-397B-65F0-CD25-000000005403}4872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011312Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:16:10.452{C36AC009-397A-65F0-CC25-000000005403}1488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011311Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:16:09.695{C36AC009-3979-65F0-CB25-000000005403}696C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011310Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:16:08.938{C36AC009-3978-65F0-CA25-000000005403}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011309Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:15:11.809{C36AC009-393F-65F0-C925-000000005403}4332C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011308Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:15:11.208{C36AC009-393F-65F0-C825-000000005403}3516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011307Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:15:10.451{C36AC009-393E-65F0-C725-000000005403}3988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011306Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:15:09.685{C36AC009-393D-65F0-C625-000000005403}2084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011305Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:15:08.936{C36AC009-393C-65F0-C525-000000005403}4720C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011304Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:14:12.898{C36AC009-3904-65F0-C425-000000005403}4260C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011303Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:14:12.857{C36AC009-3904-65F0-C325-000000005403}2192C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011302Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:14:12.821{C36AC009-3904-65F0-C225-000000005403}4488C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011301Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:14:12.755{C36AC009-3904-65F0-C025-000000005403}4852C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011300Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:14:11.804{C36AC009-3903-65F0-BF25-000000005403}484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011299Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:14:11.053{C36AC009-3903-65F0-BE25-000000005403}4712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011298Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:14:10.281{C36AC009-3902-65F0-BD25-000000005403}2156C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011297Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:14:09.687{C36AC009-3901-65F0-BC25-000000005403}4312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011296Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:14:08.929{C36AC009-3900-65F0-BB25-000000005403}2944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011295Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:13:11.851{C36AC009-38C7-65F0-BA25-000000005403}2728C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011294Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:13:11.094{C36AC009-38C7-65F0-B925-000000005403}4388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011293Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:13:10.343{C36AC009-38C6-65F0-B825-000000005403}3976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011292Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:13:09.694{C36AC009-38C5-65F0-B725-000000005403}1540C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011291Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:13:08.929{C36AC009-38C4-65F0-B625-000000005403}848C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011290Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:12:11.850{C36AC009-388B-65F0-B525-000000005403}4220C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011289Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:12:11.084{C36AC009-388B-65F0-B425-000000005403}4300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011288Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:12:10.326{C36AC009-388A-65F0-B325-000000005403}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011287Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:12:09.692{C36AC009-3889-65F0-B225-000000005403}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011286Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:12:08.926{C36AC009-3888-65F0-B125-000000005403}724C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011285Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:11:11.952{C36AC009-384F-65F0-B025-000000005403}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011284Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:11:11.202{C36AC009-384F-65F0-AF25-000000005403}4384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011283Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:11:10.449{C36AC009-384E-65F0-AE25-000000005403}3396C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011282Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:11:09.683{C36AC009-384D-65F0-AD25-000000005403}1948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011281Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:11:08.908{C36AC009-384C-65F0-AC25-000000005403}4144C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011280Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:10:11.913{C36AC009-3813-65F0-AB25-000000005403}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011279Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:10:11.151{C36AC009-3813-65F0-AA25-000000005403}2200C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011278Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:10:10.401{C36AC009-3812-65F0-A925-000000005403}4492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011277Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:10:09.677{C36AC009-3811-65F0-A825-000000005403}1956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011276Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:10:08.912{C36AC009-3810-65F0-A725-000000005403}3784C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011275Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:09:12.891{C36AC009-37D8-65F0-A625-000000005403}3088C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011274Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:09:12.850{C36AC009-37D8-65F0-A525-000000005403}924C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011273Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:09:12.814{C36AC009-37D8-65F0-A425-000000005403}5072C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011272Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:09:12.748{C36AC009-37D8-65F0-A225-000000005403}3264C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011271Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:09:11.853{C36AC009-37D7-65F0-A125-000000005403}3400C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011270Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:09:11.092{C36AC009-37D7-65F0-A025-000000005403}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011269Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:09:10.342{C36AC009-37D6-65F0-9F25-000000005403}2988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011268Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:09:09.670{C36AC009-37D5-65F0-9E25-000000005403}1476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011267Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:09:08.914{C36AC009-37D4-65F0-9D25-000000005403}4640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011266Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:08:11.760{C36AC009-379B-65F0-9C25-000000005403}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011265Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:08:10.998{C36AC009-379A-65F0-9B25-000000005403}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011264Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:08:10.251{C36AC009-379A-65F0-9A25-000000005403}1960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011263Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:08:09.645{C36AC009-3799-65F0-9925-000000005403}1412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011262Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:08:08.895{C36AC009-3798-65F0-9825-000000005403}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011261Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:07:11.879{C36AC009-375F-65F0-9725-000000005403}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011260Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:07:11.117{C36AC009-375F-65F0-9625-000000005403}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011259Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:07:10.342{C36AC009-375E-65F0-9525-000000005403}4236C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011258Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:07:09.639{C36AC009-375D-65F0-9425-000000005403}1732C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011257Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:07:08.873{C36AC009-375C-65F0-9325-000000005403}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011256Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:06:11.932{C36AC009-3723-65F0-9225-000000005403}360C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011255Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:06:11.154{C36AC009-3723-65F0-9125-000000005403}4416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011254Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:06:10.391{C36AC009-3722-65F0-9025-000000005403}3192C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011253Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:06:09.628{C36AC009-3721-65F0-8F25-000000005403}1984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011252Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:06:08.866{C36AC009-3720-65F0-8E25-000000005403}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011251Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:05:11.911{C36AC009-36E7-65F0-8D25-000000005403}1264C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011250Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:05:11.151{C36AC009-36E7-65F0-8C25-000000005403}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011249Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:05:10.388{C36AC009-36E6-65F0-8B25-000000005403}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011248Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:05:09.623{C36AC009-36E5-65F0-8A25-000000005403}2164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011247Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:05:08.862{C36AC009-36E4-65F0-8925-000000005403}4688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011246Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:04:12.872{C36AC009-36AC-65F0-8825-000000005403}4216C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011245Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:04:12.833{C36AC009-36AC-65F0-8725-000000005403}2376C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011244Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:04:12.796{C36AC009-36AC-65F0-8625-000000005403}4988C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011243Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:04:12.731{C36AC009-36AC-65F0-8425-000000005403}5012C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011242Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:04:11.792{C36AC009-36AB-65F0-8325-000000005403}3360C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011241Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:04:11.120{C36AC009-36AB-65F0-8225-000000005403}3148C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011240Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:04:10.356{C36AC009-36AA-65F0-8125-000000005403}4340C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011239Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:04:09.594{C36AC009-36A9-65F0-8025-000000005403}4124C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011238Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:04:08.844{C36AC009-36A8-65F0-7F25-000000005403}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011237Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:03:11.772{C36AC009-366F-65F0-7E25-000000005403}3116C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011236Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:03:11.115{C36AC009-366F-65F0-7D25-000000005403}504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011235Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:03:10.353{C36AC009-366E-65F0-7C25-000000005403}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011234Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:03:09.588{C36AC009-366D-65F0-7B25-000000005403}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011233Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:03:08.839{C36AC009-366C-65F0-7A25-000000005403}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011232Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:02:11.837{C36AC009-3633-65F0-7925-000000005403}4344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011231Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:02:11.072{C36AC009-3633-65F0-7825-000000005403}3608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011230Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:02:10.310{C36AC009-3632-65F0-7725-000000005403}424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011229Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:02:09.591{C36AC009-3631-65F0-7625-000000005403}4800C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011228Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:02:08.825{C36AC009-3630-65F0-7525-000000005403}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011227Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:01:11.807{C36AC009-35F7-65F0-7425-000000005403}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011226Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:01:11.042{C36AC009-35F7-65F0-7325-000000005403}4192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011225Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:01:10.276{C36AC009-35F6-65F0-7225-000000005403}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011224Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:01:09.588{C36AC009-35F5-65F0-7125-000000005403}2040C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011223Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:01:08.838{C36AC009-35F4-65F0-7025-000000005403}3120C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011222Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:00:11.718{C36AC009-35BB-65F0-6F25-000000005403}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011221Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:00:10.967{C36AC009-35BA-65F0-6E25-000000005403}2464C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011220Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:00:10.217{C36AC009-35BA-65F0-6D25-000000005403}4912C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011219Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:00:09.575{C36AC009-35B9-65F0-6C25-000000005403}4716C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011218Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 11:00:08.823{C36AC009-35B8-65F0-6B25-000000005403}4756C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011217Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:59:12.868{C36AC009-3580-65F0-6A25-000000005403}1272C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011216Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:59:12.827{C36AC009-3580-65F0-6925-000000005403}4800C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011215Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:59:12.791{C36AC009-3580-65F0-6825-000000005403}3780C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011214Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:59:12.725{C36AC009-3580-65F0-6625-000000005403}1228C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011213Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:59:11.813{C36AC009-357F-65F0-6525-000000005403}4220C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011212Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:59:11.063{C36AC009-357F-65F0-6425-000000005403}892C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011211Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:59:10.312{C36AC009-357E-65F0-6325-000000005403}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011210Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:59:09.560{C36AC009-357D-65F0-6225-000000005403}1976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011209Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:59:08.809{C36AC009-357C-65F0-6125-000000005403}4240C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011208Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:58:11.669{C36AC009-3543-65F0-6025-000000005403}3740C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011207Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:58:11.059{C36AC009-3543-65F0-5F25-000000005403}3456C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011206Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:58:10.309{C36AC009-3542-65F0-5E25-000000005403}4540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011205Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:58:09.556{C36AC009-3541-65F0-5D25-000000005403}2504C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011204Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:58:08.803{C36AC009-3540-65F0-5C25-000000005403}304C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011203Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:57:11.817{C36AC009-3507-65F0-5B25-000000005403}2336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011202Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:57:11.067{C36AC009-3507-65F0-5A25-000000005403}1088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011201Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:57:10.317{C36AC009-3506-65F0-5925-000000005403}4492C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011200Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:57:09.551{C36AC009-3505-65F0-5825-000000005403}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011199Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:57:08.799{C36AC009-3504-65F0-5725-000000005403}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011198Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:56:11.802{C36AC009-34CB-65F0-5625-000000005403}364C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011197Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:56:11.049{C36AC009-34CB-65F0-5525-000000005403}2456C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011196Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:56:10.296{C36AC009-34CA-65F0-5425-000000005403}1580C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011195Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:56:09.546{C36AC009-34C9-65F0-5325-000000005403}4060C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011194Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:56:08.790{C36AC009-34C8-65F0-5225-000000005403}4208C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011193Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:55:11.727{C36AC009-348F-65F0-5125-000000005403}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011192Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:55:10.973{C36AC009-348E-65F0-5025-000000005403}3540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011191Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:55:10.224{C36AC009-348E-65F0-4F25-000000005403}948C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011190Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:55:09.532{C36AC009-348D-65F0-4E25-000000005403}1040C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011189Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:55:08.782{C36AC009-348C-65F0-4D25-000000005403}3348C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011187Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:54:12.850{C36AC009-3454-65F0-4C25-000000005403}4560C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011186Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:54:12.810{C36AC009-3454-65F0-4B25-000000005403}4320C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011185Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:54:12.773{C36AC009-3454-65F0-4A25-000000005403}3468C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011184Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:54:12.708{C36AC009-3454-65F0-4825-000000005403}3372C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011183Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:54:11.823{C36AC009-3453-65F0-4725-000000005403}4724C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011182Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:54:11.056{C36AC009-3453-65F0-4625-000000005403}1944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011181Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:54:10.306{C36AC009-3452-65F0-4525-000000005403}4136C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011180Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:54:09.541{C36AC009-3451-65F0-4425-000000005403}400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011179Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:54:08.782{C36AC009-3450-65F0-4325-000000005403}208C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011178Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:53:11.800{C36AC009-3417-65F0-4225-000000005403}2156C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011177Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:53:11.044{C36AC009-3417-65F0-4125-000000005403}2268C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011176Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:53:10.279{C36AC009-3416-65F0-4025-000000005403}1064C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011175Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:53:09.539{C36AC009-3415-65F0-3F25-000000005403}4540C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011174Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:53:08.784{C36AC009-3414-65F0-3E25-000000005403}4384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011173Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:52:11.781{C36AC009-33DB-65F0-3D25-000000005403}1540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011172Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:52:11.019{C36AC009-33DB-65F0-3C25-000000005403}3628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011171Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:52:10.258{C36AC009-33DA-65F0-3B25-000000005403}2896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011170Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:52:09.508{C36AC009-33D9-65F0-3A25-000000005403}4492C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011169Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:52:08.758{C36AC009-33D8-65F0-3925-000000005403}528C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011168Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:51:11.791{C36AC009-339F-65F0-3825-000000005403}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011167Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:51:11.025{C36AC009-339F-65F0-3725-000000005403}4676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011166Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:51:10.271{C36AC009-339E-65F0-3625-000000005403}4500C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011165Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:51:09.514{C36AC009-339D-65F0-3525-000000005403}1756C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011164Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:51:08.749{C36AC009-339C-65F0-3425-000000005403}1776C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011163Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:50:11.652{C36AC009-3363-65F0-3325-000000005403}3116C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011162Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:50:11.027{C36AC009-3363-65F0-3225-000000005403}3052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011161Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:50:10.265{C36AC009-3362-65F0-3125-000000005403}4952C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011160Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:50:09.493{C36AC009-3361-65F0-3025-000000005403}4184C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011159Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:50:08.743{C36AC009-3360-65F0-2F25-000000005403}4324C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011158Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:49:12.840{C36AC009-3328-65F0-2E25-000000005403}4496C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011157Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:49:12.801{C36AC009-3328-65F0-2D25-000000005403}2996C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011156Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:49:12.765{C36AC009-3328-65F0-2C25-000000005403}424C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011155Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:49:12.701{C36AC009-3328-65F0-2A25-000000005403}4812C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011154Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:49:11.626{C36AC009-3327-65F0-2925-000000005403}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011153Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:49:11.032{C36AC009-3327-65F0-2825-000000005403}4308C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011152Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:49:10.273{C36AC009-3326-65F0-2625-000000005403}3668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011151Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:49:09.516{C36AC009-3325-65F0-2525-000000005403}5036C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011150Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:49:08.750{C36AC009-3324-65F0-2425-000000005403}2264C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011149Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:48:11.680{C36AC009-32EB-65F0-2325-000000005403}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011148Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:48:11.012{C36AC009-32EB-65F0-2225-000000005403}5092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011147Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:48:10.271{C36AC009-32EA-65F0-2125-000000005403}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011146Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:48:09.513{C36AC009-32E9-65F0-2025-000000005403}3672C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011145Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:48:08.755{C36AC009-32E8-65F0-1F25-000000005403}4168C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011144Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:47:11.654{C36AC009-32AF-65F0-1E25-000000005403}1956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011143Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:47:11.038{C36AC009-32AF-65F0-1D25-000000005403}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011142Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:47:10.280{C36AC009-32AE-65F0-1C25-000000005403}4720C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011141Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:47:09.508{C36AC009-32AD-65F0-1B25-000000005403}4780C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011140Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:47:08.750{C36AC009-32AC-65F0-1A25-000000005403}4148C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011139Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:46:11.622{C36AC009-3273-65F0-1925-000000005403}1756C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011138Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:46:11.004{C36AC009-3273-65F0-1825-000000005403}2456C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011137Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:46:10.275{C36AC009-3272-65F0-1725-000000005403}212C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011136Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:46:09.512{C36AC009-3271-65F0-1625-000000005403}348C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011135Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:46:08.753{C36AC009-3270-65F0-1525-000000005403}4312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011134Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:45:11.655{C36AC009-3237-65F0-1425-000000005403}4256C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011133Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:45:10.889{C36AC009-3236-65F0-1325-000000005403}3784C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011132Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:45:10.130{C36AC009-3236-65F0-1225-000000005403}3420C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011131Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:45:09.485{C36AC009-3235-65F0-1125-000000005403}3844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011130Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:45:08.729{C36AC009-3234-65F0-1025-000000005403}2988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011129Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:44:12.830{C36AC009-31FC-65F0-0F25-000000005403}4212C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011128Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:44:12.788{C36AC009-31FC-65F0-0E25-000000005403}2116C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011127Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:44:12.753{C36AC009-31FC-65F0-0D25-000000005403}4584C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011126Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:44:12.688{C36AC009-31FC-65F0-0B25-000000005403}2808C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011125Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:44:11.682{C36AC009-31FB-65F0-0A25-000000005403}4348C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011124Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:44:10.984{C36AC009-31FA-65F0-0925-000000005403}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011123Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:44:10.224{C36AC009-31FA-65F0-0825-000000005403}308C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011122Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:44:09.474{C36AC009-31F9-65F0-0725-000000005403}724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011121Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:44:08.717{C36AC009-31F8-65F0-0625-000000005403}4500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011120Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:43:11.735{C36AC009-31BF-65F0-0525-000000005403}356C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011119Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:43:10.975{C36AC009-31BE-65F0-0425-000000005403}3672C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011118Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:43:10.225{C36AC009-31BE-65F0-0325-000000005403}3824C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011117Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:43:09.464{C36AC009-31BD-65F0-0225-000000005403}1120C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011116Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:43:08.713{C36AC009-31BC-65F0-0125-000000005403}4176C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011115Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:42:11.722{C36AC009-3183-65F0-0025-000000005403}4464C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011114Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:42:10.972{C36AC009-3182-65F0-FF24-000000005403}3608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011113Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:42:10.210{C36AC009-3182-65F0-FE24-000000005403}1128C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011112Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:42:09.449{C36AC009-3181-65F0-FD24-000000005403}2820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011111Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:42:08.701{C36AC009-3180-65F0-FC24-000000005403}4544C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011110Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:41:11.544{C36AC009-3147-65F0-FB24-000000005403}4900C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011109Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:41:10.923{C36AC009-3146-65F0-FA24-000000005403}3876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011108Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:41:10.220{C36AC009-3146-65F0-F924-000000005403}2352C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011107Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:41:09.454{C36AC009-3145-65F0-F824-000000005403}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011106Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:41:08.696{C36AC009-3144-65F0-F724-000000005403}4744C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011105Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:40:11.160{C36AC009-310B-65F0-F624-000000005403}2188C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011104Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:40:10.541{C36AC009-310A-65F0-F524-000000005403}1264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011103Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:40:09.916{C36AC009-3109-65F0-F424-000000005403}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011102Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:40:09.291{C36AC009-3109-65F0-F324-000000005403}4892C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011101Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:40:08.682{C36AC009-3108-65F0-F224-000000005403}2168C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011100Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:39:12.814{C36AC009-30D0-65F0-F124-000000005403}4356C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011099Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:39:12.773{C36AC009-30D0-65F0-F024-000000005403}2500C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011098Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:39:12.736{C36AC009-30D0-65F0-EF24-000000005403}4556C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011097Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:39:12.671{C36AC009-30D0-65F0-ED24-000000005403}4100C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011096Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:39:11.696{C36AC009-30CF-65F0-EC24-000000005403}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011095Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:39:10.935{C36AC009-30CE-65F0-EB24-000000005403}4512C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011094Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:39:10.185{C36AC009-30CE-65F0-EA24-000000005403}2264C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011093Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:39:09.420{C36AC009-30CD-65F0-E924-000000005403}2940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011092Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:39:08.659{C36AC009-30CC-65F0-E824-000000005403}4240C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011091Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:38:11.680{C36AC009-3093-65F0-E724-000000005403}4732C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011090Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:38:10.925{C36AC009-3092-65F0-E624-000000005403}4600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011089Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:38:10.175{C36AC009-3092-65F0-E524-000000005403}3824C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011088Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:38:09.409{C36AC009-3091-65F0-E424-000000005403}1960C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011087Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:38:08.646{C36AC009-3090-65F0-E324-000000005403}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011086Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:37:11.638{C36AC009-3057-65F0-E224-000000005403}1128C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011085Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:37:10.890{C36AC009-3056-65F0-E124-000000005403}4140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011084Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:37:10.140{C36AC009-3056-65F0-E024-000000005403}400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011083Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:37:09.390{C36AC009-3055-65F0-DF24-000000005403}4912C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011082Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:37:08.640{C36AC009-3054-65F0-DE24-000000005403}3004C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011081Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:36:11.665{C36AC009-301B-65F0-DD24-000000005403}4064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011080Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:36:10.900{C36AC009-301A-65F0-DC24-000000005403}3476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011079Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:36:10.135{C36AC009-301A-65F0-DB24-000000005403}4888C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011078Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:36:09.385{C36AC009-3019-65F0-DA24-000000005403}2888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011077Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:36:08.635{C36AC009-3018-65F0-D924-000000005403}4424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011076Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:35:11.649{C36AC009-2FDF-65F0-D824-000000005403}1264C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011075Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:35:10.899{C36AC009-2FDE-65F0-D724-000000005403}4836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011074Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:35:10.134{C36AC009-2FDE-65F0-D624-000000005403}4868C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011073Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:35:09.369{C36AC009-2FDD-65F0-D524-000000005403}2012C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011072Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:35:08.619{C36AC009-2FDC-65F0-D424-000000005403}4196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011071Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:34:12.800{C36AC009-2FA4-65F0-D324-000000005403}4788C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011070Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:34:12.759{C36AC009-2FA4-65F0-D224-000000005403}2736C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011069Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:34:12.723{C36AC009-2FA4-65F0-D124-000000005403}356C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011068Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:34:12.660{C36AC009-2FA4-65F0-CF24-000000005403}2672C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011067Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:34:11.715{C36AC009-2FA3-65F0-CE24-000000005403}216C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011066Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:34:10.965{C36AC009-2FA2-65F0-CD24-000000005403}3236C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011065Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:34:10.198{C36AC009-2FA2-65F0-CC24-000000005403}4860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011064Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:34:09.448{C36AC009-2FA1-65F0-CB24-000000005403}724C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011063Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:34:08.683{C36AC009-2FA0-65F0-CA24-000000005403}2376C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011062Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:33:11.581{C36AC009-2F67-65F0-C924-000000005403}5016C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011061Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:33:10.923{C36AC009-2F66-65F0-C824-000000005403}3556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011060Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:33:10.173{C36AC009-2F66-65F0-C724-000000005403}4600C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011059Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:33:09.422{C36AC009-2F65-65F0-C624-000000005403}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011058Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:33:08.686{C36AC009-2F64-65F0-C524-000000005403}1960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011057Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:32:11.637{C36AC009-2F2B-65F0-C424-000000005403}2828C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011056Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:32:10.885{C36AC009-2F2A-65F0-C324-000000005403}4372C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011055Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:32:10.135{C36AC009-2F2A-65F0-C224-000000005403}2088C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011054Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:32:09.430{C36AC009-2F29-65F0-C124-000000005403}4764C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011053Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:32:08.678{C36AC009-2F28-65F0-C024-000000005403}4544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011052Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:31:11.614{C36AC009-2EEF-65F0-BF24-000000005403}1176C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011051Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:31:10.922{C36AC009-2EEE-65F0-BE24-000000005403}3288C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011050Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:31:10.172{C36AC009-2EEE-65F0-BD24-000000005403}4500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011049Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:31:09.422{C36AC009-2EED-65F0-BC24-000000005403}5096C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011048Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:31:08.667{C36AC009-2EEC-65F0-BB24-000000005403}5116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011047Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:30:11.594{C36AC009-2EB3-65F0-BA24-000000005403}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011046Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:30:10.937{C36AC009-2EB2-65F0-B924-000000005403}1960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011045Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:30:10.184{C36AC009-2EB2-65F0-B824-000000005403}4568C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011044Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:30:09.417{C36AC009-2EB1-65F0-B724-000000005403}2728C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011043Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:30:08.665{C36AC009-2EB0-65F0-B624-000000005403}4468C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011042Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:29:12.792{C36AC009-2E78-65F0-B524-000000005403}4200C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011041Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:29:12.751{C36AC009-2E78-65F0-B424-000000005403}4544C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011040Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:29:12.715{C36AC009-2E78-65F0-B324-000000005403}3780C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011039Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:29:12.650{C36AC009-2E78-65F0-B124-000000005403}3848C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011038Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:29:11.707{C36AC009-2E77-65F0-B024-000000005403}3332C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011037Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:29:10.937{C36AC009-2E76-65F0-AF24-000000005403}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011036Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:29:10.183{C36AC009-2E76-65F0-AE24-000000005403}600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011035Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:29:09.433{C36AC009-2E75-65F0-AD24-000000005403}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011034Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:29:08.664{C36AC009-2E74-65F0-AC24-000000005403}1948C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011033Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:28:11.678{C36AC009-2E3B-65F0-AB24-000000005403}4744C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011032Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:28:10.923{C36AC009-2E3A-65F0-AA24-000000005403}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011031Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:28:10.173{C36AC009-2E3A-65F0-A924-000000005403}3132C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011030Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:28:09.419{C36AC009-2E39-65F0-A824-000000005403}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011029Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:28:08.664{C36AC009-2E38-65F0-A724-000000005403}4208C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011028Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:27:11.522{C36AC009-2DFF-65F0-A624-000000005403}3148C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011027Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:27:10.768{C36AC009-2DFE-65F0-A524-000000005403}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011026Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:27:10.013{C36AC009-2DFE-65F0-A424-000000005403}3744C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011025Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:27:09.419{C36AC009-2DFD-65F0-A324-000000005403}424C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011024Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:27:08.665{C36AC009-2DFC-65F0-A224-000000005403}3988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011023Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:26:11.650{C36AC009-2DC3-65F0-A124-000000005403}3408C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011022Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:26:10.874{C36AC009-2DC2-65F0-A024-000000005403}1952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011021Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:26:10.124{C36AC009-2DC2-65F0-9F24-000000005403}880C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011020Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:26:09.389{C36AC009-2DC1-65F0-9E24-000000005403}804C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011019Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:26:08.647{C36AC009-2DC0-65F0-9D24-000000005403}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011018Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:25:11.684{C36AC009-2D87-65F0-9C24-000000005403}5092C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011017Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:25:10.929{C36AC009-2D86-65F0-9B24-000000005403}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011016Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:25:10.173{C36AC009-2D86-65F0-9A24-000000005403}1380C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011015Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:25:09.407{C36AC009-2D85-65F0-9924-000000005403}1796C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011014Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:25:08.651{C36AC009-2D84-65F0-9824-000000005403}4352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011013Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:24:12.779{C36AC009-2D4C-65F0-9724-000000005403}4724C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011012Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:24:12.738{C36AC009-2D4C-65F0-9624-000000005403}3956C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011011Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:24:12.701{C36AC009-2D4C-65F0-9524-000000005403}4588C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011010Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:24:12.636{C36AC009-2D4C-65F0-9324-000000005403}208C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000011009Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:24:11.593{C36AC009-2D4B-65F0-9224-000000005403}3608C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011008Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:24:10.836{C36AC009-2D4A-65F0-9124-000000005403}1128C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011007Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:24:10.080{C36AC009-2D4A-65F0-9024-000000005403}4212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011006Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:24:09.408{C36AC009-2D49-65F0-8F24-000000005403}400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011005Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:24:08.651{C36AC009-2D48-65F0-8E24-000000005403}3544C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011004Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:23:11.666{C36AC009-2D0F-65F0-8D24-000000005403}664C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011003Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:23:10.917{C36AC009-2D0E-65F0-8C24-000000005403}3088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011002Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:23:10.152{C36AC009-2D0E-65F0-8B24-000000005403}4900C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011001Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:23:09.402{C36AC009-2D0D-65F0-8A24-000000005403}3660C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000011000Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:23:08.637{C36AC009-2D0C-65F0-8924-000000005403}1140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010999Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:22:11.587{C36AC009-2CD3-65F0-8824-000000005403}1960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010998Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:22:10.829{C36AC009-2CD2-65F0-8724-000000005403}4448C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010997Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:22:10.071{C36AC009-2CD2-65F0-8624-000000005403}3420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010996Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:22:09.384{C36AC009-2CD1-65F0-8524-000000005403}4740C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010995Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:22:08.626{C36AC009-2CD0-65F0-8424-000000005403}2988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010994Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:21:11.636{C36AC009-2C97-65F0-8324-000000005403}976C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010993Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:21:10.886{C36AC009-2C96-65F0-8224-000000005403}4308C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010992Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:21:10.134{C36AC009-2C96-65F0-8124-000000005403}2476C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010991Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:21:09.384{C36AC009-2C95-65F0-8024-000000005403}4956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010990Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:21:08.610{C36AC009-2C94-65F0-7F24-000000005403}4912C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010989Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:20:11.625{C36AC009-2C5B-65F0-7E24-000000005403}1376C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010988Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:20:10.859{C36AC009-2C5A-65F0-7D24-000000005403}4860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010987Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:20:10.100{C36AC009-2C5A-65F0-7C24-000000005403}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010986Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:20:09.341{C36AC009-2C59-65F0-7B24-000000005403}4312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010985Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:20:08.591{C36AC009-2C58-65F0-7A24-000000005403}1500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010984Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:19:12.759{C36AC009-2C20-65F0-7924-000000005403}4124C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010983Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:19:12.720{C36AC009-2C20-65F0-7824-000000005403}4420C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010982Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:19:12.684{C36AC009-2C20-65F0-7724-000000005403}2336C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010981Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:19:12.620{C36AC009-2C20-65F0-7524-000000005403}3820C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010980Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:19:11.464{C36AC009-2C1F-65F0-7424-000000005403}2084C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010979Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:19:10.704{C36AC009-2C1E-65F0-7324-000000005403}3048C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010978Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:19:09.945{C36AC009-2C1D-65F0-7224-000000005403}300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010977Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:19:09.336{C36AC009-2C1D-65F0-7124-000000005403}3744C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010976Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:19:08.576{C36AC009-2C1C-65F0-7024-000000005403}4464C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010975Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:18:11.474{C36AC009-2BE3-65F0-6F24-000000005403}4556C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010974Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:18:10.838{C36AC009-2BE2-65F0-6E24-000000005403}2172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010973Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:18:10.094{C36AC009-2BE2-65F0-6D24-000000005403}2188C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010972Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:18:09.328{C36AC009-2BE1-65F0-6C24-000000005403}4668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010971Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:18:08.568{C36AC009-2BE0-65F0-6B24-000000005403}2236C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010970Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:17:11.609{C36AC009-2BA7-65F0-6A24-000000005403}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010969Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:17:10.844{C36AC009-2BA6-65F0-6924-000000005403}3044C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010968Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:17:10.083{C36AC009-2BA6-65F0-6824-000000005403}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010967Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:17:09.322{C36AC009-2BA5-65F0-6724-000000005403}4620C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010966Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:17:08.557{C36AC009-2BA4-65F0-6624-000000005403}4432C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010965Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:16:11.527{C36AC009-2B6B-65F0-6524-000000005403}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010964Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:16:10.770{C36AC009-2B6A-65F0-6424-000000005403}4624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010963Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:16:10.020{C36AC009-2B6A-65F0-6324-000000005403}4720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010962Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:16:09.301{C36AC009-2B69-65F0-6224-000000005403}3956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010961Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:16:08.544{C36AC009-2B68-65F0-6124-000000005403}3988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010960Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:15:11.580{C36AC009-2B2F-65F0-6024-000000005403}4576C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010959Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:15:10.833{C36AC009-2B2E-65F0-5F24-000000005403}924C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010958Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:15:10.071{C36AC009-2B2E-65F0-5E24-000000005403}3696C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010957Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:15:09.305{C36AC009-2B2D-65F0-5D24-000000005403}4188C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010956Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:15:08.555{C36AC009-2B2C-65F0-5C24-000000005403}876C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010955Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:14:12.745{C36AC009-2AF4-65F0-5B24-000000005403}4116C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010954Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:14:12.706{C36AC009-2AF4-65F0-5A24-000000005403}4124C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010953Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:14:12.669{C36AC009-2AF4-65F0-5924-000000005403}3844C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010952Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:14:12.604{C36AC009-2AF4-65F0-5724-000000005403}3628C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010951Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:14:11.582{C36AC009-2AF3-65F0-5624-000000005403}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010950Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:14:10.835{C36AC009-2AF2-65F0-5524-000000005403}4616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010949Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:14:10.072{C36AC009-2AF2-65F0-5424-000000005403}3520C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010948Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:14:09.306{C36AC009-2AF1-65F0-5324-000000005403}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010947Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:14:08.543{C36AC009-2AF0-65F0-5224-000000005403}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010946Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:13:11.575{C36AC009-2AB7-65F0-5124-000000005403}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010945Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:13:10.827{C36AC009-2AB6-65F0-5024-000000005403}1476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010944Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:13:10.061{C36AC009-2AB6-65F0-4F24-000000005403}5076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010943Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:13:09.298{C36AC009-2AB5-65F0-4E24-000000005403}2216C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010942Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:13:08.534{C36AC009-2AB4-65F0-4D24-000000005403}1376C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010941Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:12:11.406{C36AC009-2A7B-65F0-4C24-000000005403}4324C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010940Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:12:10.655{C36AC009-2A7A-65F0-4B24-000000005403}2984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010939Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:12:09.890{C36AC009-2A79-65F0-4A24-000000005403}4448C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010938Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:12:09.296{C36AC009-2A79-65F0-4924-000000005403}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010937Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:12:08.533{C36AC009-2A78-65F0-4824-000000005403}4124C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010936Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:11:11.515{C36AC009-2A3F-65F0-4724-000000005403}4792C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010935Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:11:10.767{C36AC009-2A3E-65F0-4624-000000005403}2724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010934Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:11:10.018{C36AC009-2A3E-65F0-4524-000000005403}4140C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010933Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:11:09.299{C36AC009-2A3D-65F0-4424-000000005403}4764C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010932Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:11:08.535{C36AC009-2A3C-65F0-4324-000000005403}4544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010931Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:10:11.465{C36AC009-2A03-65F0-4224-000000005403}4424C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010930Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:10:10.793{C36AC009-2A02-65F0-4124-000000005403}4816C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010929Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:10:10.044{C36AC009-2A02-65F0-4024-000000005403}4380C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010928Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:10:09.294{C36AC009-2A01-65F0-3F24-000000005403}3044C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010927Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:10:08.529{C36AC009-2A00-65F0-3E24-000000005403}2240C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010926Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:09:12.734{C36AC009-29C8-65F0-3D24-000000005403}1088C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010925Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:09:12.693{C36AC009-29C8-65F0-3C24-000000005403}5072C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010924Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:09:12.658{C36AC009-29C8-65F0-3B24-000000005403}3864C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010923Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:09:12.592{C36AC009-29C8-65F0-3924-000000005403}1724C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010922Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:09:11.508{C36AC009-29C7-65F0-3824-000000005403}4260C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010921Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:09:10.758{C36AC009-29C6-65F0-3724-000000005403}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010920Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:09:10.008{C36AC009-29C6-65F0-3624-000000005403}4720C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010919Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:09:09.289{C36AC009-29C5-65F0-3524-000000005403}3956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010918Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:09:08.523{C36AC009-29C4-65F0-3424-000000005403}4588C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010917Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:08:11.457{C36AC009-298B-65F0-3324-000000005403}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010916Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:08:10.784{C36AC009-298A-65F0-3224-000000005403}3696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010915Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:08:10.018{C36AC009-298A-65F0-3124-000000005403}380C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010914Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:08:09.268{C36AC009-2989-65F0-3024-000000005403}1500C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010913Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:08:08.517{C36AC009-2988-65F0-2F24-000000005403}3568C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010912Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:07:11.425{C36AC009-294F-65F0-2E24-000000005403}4064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010911Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:07:10.673{C36AC009-294E-65F0-2D24-000000005403}4828C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010910Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:07:09.924{C36AC009-294D-65F0-2C24-000000005403}5072C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010909Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:07:09.267{C36AC009-294D-65F0-2B24-000000005403}364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010908Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:07:08.516{C36AC009-294C-65F0-2A24-000000005403}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010907Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:06:11.473{C36AC009-2913-65F0-2924-000000005403}4220C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010906Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:06:10.723{C36AC009-2912-65F0-2824-000000005403}892C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010905Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:06:09.969{C36AC009-2911-65F0-2724-000000005403}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010904Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:06:09.281{C36AC009-2911-65F0-2624-000000005403}3600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010903Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:06:08.513{C36AC009-2910-65F0-2524-000000005403}1412C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010902Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:05:11.352{C36AC009-28D7-65F0-2424-000000005403}1120C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010901Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:05:10.599{C36AC009-28D6-65F0-2324-000000005403}4184C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010900Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:05:09.849{C36AC009-28D5-65F0-2224-000000005403}1960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010899Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:05:09.253{C36AC009-28D5-65F0-2124-000000005403}2388C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010898Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:05:08.496{C36AC009-28D4-65F0-2024-000000005403}4992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010897Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:04:12.718{C36AC009-289C-65F0-1F24-000000005403}3048C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010896Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:04:12.678{C36AC009-289C-65F0-1E24-000000005403}3780C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010895Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:04:12.642{C36AC009-289C-65F0-1D24-000000005403}840C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010894Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:04:12.577{C36AC009-289C-65F0-1B24-000000005403}4344C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010893Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:04:11.427{C36AC009-289B-65F0-1A24-000000005403}3584C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010892Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:04:10.752{C36AC009-289A-65F0-1924-000000005403}3492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010891Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:04:10.002{C36AC009-289A-65F0-1824-000000005403}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010890Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:04:09.248{C36AC009-2899-65F0-1724-000000005403}4416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010889Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:04:08.495{C36AC009-2898-65F0-1624-000000005403}3408C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010888Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:03:11.491{C36AC009-285F-65F0-1524-000000005403}4108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010887Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:03:10.725{C36AC009-285E-65F0-1424-000000005403}5088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010886Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:03:09.972{C36AC009-285D-65F0-1324-000000005403}328C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010885Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:03:09.234{C36AC009-285D-65F0-1224-000000005403}400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010884Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:03:08.484{C36AC009-285C-65F0-1124-000000005403}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010883Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:02:11.456{C36AC009-2823-65F0-1024-000000005403}2348C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010882Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:02:10.752{C36AC009-2822-65F0-0F24-000000005403}3864C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010881Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:02:09.994{C36AC009-2821-65F0-0E24-000000005403}364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010880Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:02:09.244{C36AC009-2821-65F0-0D24-000000005403}3520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010879Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:02:08.479{C36AC009-2820-65F0-0C24-000000005403}2308C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010878Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:01:11.355{C36AC009-27E7-65F0-0B24-000000005403}4852C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010877Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:01:10.741{C36AC009-27E6-65F0-0A24-000000005403}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010876Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:01:09.991{C36AC009-27E5-65F0-0924-000000005403}4676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010875Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:01:09.225{C36AC009-27E5-65F0-0824-000000005403}3600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010874Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:01:08.466{C36AC009-27E4-65F0-0724-000000005403}664C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010873Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:00:11.416{C36AC009-27AB-65F0-0624-000000005403}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010872Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:00:10.670{C36AC009-27AA-65F0-0524-000000005403}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010871Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:00:09.905{C36AC009-27A9-65F0-0424-000000005403}768C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010870Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:00:09.217{C36AC009-27A9-65F0-0324-000000005403}4408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010869Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 10:00:08.462{C36AC009-27A8-65F0-0224-000000005403}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010868Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:59:12.706{C36AC009-2770-65F0-0124-000000005403}4464C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010867Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:59:12.666{C36AC009-2770-65F0-0024-000000005403}4780C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010866Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:59:12.630{C36AC009-2770-65F0-FF23-000000005403}1992C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010865Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:59:12.565{C36AC009-2770-65F0-FD23-000000005403}508C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010864Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:59:11.489{C36AC009-276F-65F0-FC23-000000005403}1944C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010863Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:59:10.717{C36AC009-276E-65F0-FB23-000000005403}2724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010862Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:59:09.961{C36AC009-276D-65F0-FA23-000000005403}1360C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010861Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:59:09.227{C36AC009-276D-65F0-F923-000000005403}1984C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010860Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:59:08.471{C36AC009-276C-65F0-F823-000000005403}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010859Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:58:11.511{C36AC009-2733-65F0-F723-000000005403}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010858Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:58:10.748{C36AC009-2732-65F0-F623-000000005403}2908C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010857Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:58:09.998{C36AC009-2731-65F0-F523-000000005403}3348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010856Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:58:09.222{C36AC009-2731-65F0-F423-000000005403}3360C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010855Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:58:08.472{C36AC009-2730-65F0-F323-000000005403}3448C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010854Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:57:11.497{C36AC009-26F7-65F0-F223-000000005403}5072C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010853Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:57:10.724{C36AC009-26F6-65F0-F123-000000005403}4752C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010852Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:57:09.967{C36AC009-26F5-65F0-F023-000000005403}3520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010851Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:57:09.217{C36AC009-26F5-65F0-EF23-000000005403}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010850Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:57:08.459{C36AC009-26F4-65F0-EE23-000000005403}3048C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010849Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:56:11.322{C36AC009-26BB-65F0-ED23-000000005403}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010848Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:56:10.557{C36AC009-26BA-65F0-EC23-000000005403}1272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010847Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:56:09.814{C36AC009-26B9-65F0-EB23-000000005403}308C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010846Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:56:09.196{C36AC009-26B9-65F0-EA23-000000005403}4500C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010845Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:56:08.446{C36AC009-26B8-65F0-E923-000000005403}3040C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010844Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:55:11.466{C36AC009-267F-65F0-E823-000000005403}4948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010843Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:55:10.700{C36AC009-267E-65F0-E723-000000005403}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010842Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:55:09.942{C36AC009-267D-65F0-E623-000000005403}2388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010841Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:55:09.183{C36AC009-267D-65F0-E523-000000005403}3420C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010840Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:55:08.434{C36AC009-267C-65F0-E423-000000005403}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010839Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:54:12.696{C36AC009-2644-65F0-E323-000000005403}3160C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010838Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:54:12.657{C36AC009-2644-65F0-E223-000000005403}876C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010837Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:54:12.620{C36AC009-2644-65F0-E123-000000005403}1484C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010836Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:54:12.555{C36AC009-2644-65F0-DF23-000000005403}3748C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010835Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:54:11.453{C36AC009-2643-65F0-DE23-000000005403}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010834Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:54:10.687{C36AC009-2642-65F0-DD23-000000005403}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010833Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:54:09.929{C36AC009-2641-65F0-DC23-000000005403}3492C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010832Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:54:09.194{C36AC009-2641-65F0-DB23-000000005403}3412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010831Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:54:08.435{C36AC009-2640-65F0-DA23-000000005403}2816C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010830Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:53:11.474{C36AC009-2607-65F0-D923-000000005403}1124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010829Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:53:10.708{C36AC009-2606-65F0-D823-000000005403}5092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010828Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:53:09.955{C36AC009-2605-65F0-D723-000000005403}2392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010827Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:53:09.205{C36AC009-2605-65F0-D623-000000005403}4292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010826Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:53:08.439{C36AC009-2604-65F0-D523-000000005403}4208C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010825Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:52:11.379{C36AC009-25CB-65F0-D423-000000005403}4640C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010824Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:52:10.713{C36AC009-25CA-65F0-D323-000000005403}5072C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010823Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:52:09.952{C36AC009-25C9-65F0-D223-000000005403}3288C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010822Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:52:09.192{C36AC009-25C9-65F0-D123-000000005403}1504C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010821Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:52:08.426{C36AC009-25C8-65F0-D023-000000005403}2884C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010820Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:51:11.347{C36AC009-258F-65F0-CF23-000000005403}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010819Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:51:10.591{C36AC009-258E-65F0-CE23-000000005403}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010818Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:51:09.830{C36AC009-258D-65F0-CD23-000000005403}4668C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010817Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:51:09.189{C36AC009-258D-65F0-CC23-000000005403}3332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010816Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:51:08.412{C36AC009-258C-65F0-CB23-000000005403}724C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010815Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:50:11.439{C36AC009-2553-65F0-CA23-000000005403}400C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010814Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:50:10.681{C36AC009-2552-65F0-C923-000000005403}368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010813Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:50:09.919{C36AC009-2551-65F0-C823-000000005403}5052C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010812Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:50:09.158{C36AC009-2551-65F0-C723-000000005403}2728C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010811Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:50:08.396{C36AC009-2550-65F0-C623-000000005403}3008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010810Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:49:12.685{C36AC009-2518-65F0-C523-000000005403}2084C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010809Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:49:12.646{C36AC009-2518-65F0-C423-000000005403}3372C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010808Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:49:12.609{C36AC009-2518-65F0-C323-000000005403}3048C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010807Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:49:12.544{C36AC009-2518-65F0-C123-000000005403}4464C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010806Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:49:11.432{C36AC009-2517-65F0-C023-000000005403}360C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010805Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:49:10.670{C36AC009-2516-65F0-BF23-000000005403}3132C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010804Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:49:09.907{C36AC009-2515-65F0-BE23-000000005403}3188C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010803Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:49:09.145{C36AC009-2515-65F0-BD23-000000005403}508C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010802Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:49:08.382{C36AC009-2514-65F0-BC23-000000005403}436C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010801Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:48:11.417{C36AC009-24DB-65F0-BB23-000000005403}4932C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010800Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:48:10.652{C36AC009-24DA-65F0-BA23-000000005403}2504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010799Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:48:09.880{C36AC009-24D9-65F0-B923-000000005403}1008C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010798Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:48:09.114{C36AC009-24D9-65F0-B823-000000005403}1756C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010797Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:48:08.364{C36AC009-24D8-65F0-B723-000000005403}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010796Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:47:11.367{C36AC009-249F-65F0-B623-000000005403}5068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010795Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:47:10.603{C36AC009-249E-65F0-B523-000000005403}4308C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010794Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:47:09.856{C36AC009-249D-65F0-B423-000000005403}4820C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010793Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:47:09.124{C36AC009-249D-65F0-B323-000000005403}4828C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010792Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:47:08.374{C36AC009-249C-65F0-B223-000000005403}4616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010791Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:46:11.410{C36AC009-2463-65F0-B123-000000005403}4372C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010790Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:46:10.647{C36AC009-2462-65F0-B023-000000005403}2088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010789Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:46:09.883{C36AC009-2461-65F0-AF23-000000005403}3516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010788Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:46:09.119{C36AC009-2461-65F0-AE23-000000005403}3004C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010787Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:46:08.355{C36AC009-2460-65F0-AD23-000000005403}1984C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010786Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:45:11.312{C36AC009-2427-65F0-AC23-000000005403}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010785Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:45:10.549{C36AC009-2426-65F0-AB23-000000005403}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010784Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:45:09.799{C36AC009-2425-65F0-AA23-000000005403}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010783Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:45:09.097{C36AC009-2425-65F0-A923-000000005403}400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010782Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:45:08.334{C36AC009-2424-65F0-A823-000000005403}4768C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010781Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:44:12.675{C36AC009-23EC-65F0-A723-000000005403}4828C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010780Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:44:12.636{C36AC009-23EC-65F0-A623-000000005403}4616C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010779Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:44:12.599{C36AC009-23EC-65F0-A523-000000005403}3564C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010778Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:44:12.534{C36AC009-23EC-65F0-A323-000000005403}2900C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010777Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:44:11.342{C36AC009-23EB-65F0-A223-000000005403}4724C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010776Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:44:10.592{C36AC009-23EA-65F0-A123-000000005403}424C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010775Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:44:09.842{C36AC009-23E9-65F0-A023-000000005403}3788C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010774Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:44:09.077{C36AC009-23E9-65F0-9F23-000000005403}1992C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010773Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:44:08.328{C36AC009-23E8-65F0-9E23-000000005403}4464C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010772Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:43:11.239{C36AC009-23AF-65F0-9D23-000000005403}4556C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010771Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:43:10.581{C36AC009-23AE-65F0-9C23-000000005403}4460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010770Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:43:09.831{C36AC009-23AD-65F0-9B23-000000005403}3040C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010769Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:43:09.081{C36AC009-23AD-65F0-9A23-000000005403}4444C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010768Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:43:08.324{C36AC009-23AC-65F0-9923-000000005403}1376C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010767Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:42:11.294{C36AC009-2373-65F0-9823-000000005403}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010766Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:42:10.529{C36AC009-2372-65F0-9723-000000005403}696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010765Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:42:09.778{C36AC009-2371-65F0-9623-000000005403}3844C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010764Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:42:09.075{C36AC009-2371-65F0-9523-000000005403}588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010763Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:42:08.323{C36AC009-2370-65F0-9423-000000005403}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010762Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:41:11.323{C36AC009-2337-65F0-9323-000000005403}3656C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010761Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:41:10.571{C36AC009-2336-65F0-9223-000000005403}2732C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010760Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:41:09.821{C36AC009-2335-65F0-9123-000000005403}2104C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010759Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:41:09.070{C36AC009-2335-65F0-9023-000000005403}3132C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010758Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:41:08.318{C36AC009-2334-65F0-8F23-000000005403}1500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010757Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:40:11.218{C36AC009-22FB-65F0-8E23-000000005403}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010756Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:40:10.577{C36AC009-22FA-65F0-8D23-000000005403}4444C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010755Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:40:09.826{C36AC009-22F9-65F0-8C23-000000005403}3392C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010754Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:40:09.074{C36AC009-22F9-65F0-8B23-000000005403}3740C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010753Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:40:08.324{C36AC009-22F8-65F0-8A23-000000005403}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010752Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:39:12.675{C36AC009-22C0-65F0-8923-000000005403}4788C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010751Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:39:12.634{C36AC009-22C0-65F0-8823-000000005403}588C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010750Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:39:12.598{C36AC009-22C0-65F0-8723-000000005403}4256C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010749Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:39:12.532{C36AC009-22C0-65F0-8523-000000005403}4472C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010748Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:39:11.312{C36AC009-22BF-65F0-8423-000000005403}1796C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010747Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:39:10.575{C36AC009-22BE-65F0-8323-000000005403}2812C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010746Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:39:09.823{C36AC009-22BD-65F0-8223-000000005403}4640C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010745Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:39:09.073{C36AC009-22BD-65F0-8123-000000005403}2996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010744Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:39:08.318{C36AC009-22BC-65F0-8023-000000005403}4216C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010743Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:38:11.217{C36AC009-2283-65F0-7F23-000000005403}4384C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010742Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:38:10.572{C36AC009-2282-65F0-7E23-000000005403}5004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010741Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:38:09.822{C36AC009-2281-65F0-7D23-000000005403}3516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010740Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:38:09.066{C36AC009-2281-65F0-7C23-000000005403}3972C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010739Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:38:08.298{C36AC009-2280-65F0-7B23-000000005403}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010738Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:37:11.322{C36AC009-2247-65F0-7A23-000000005403}3452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010737Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:37:10.568{C36AC009-2246-65F0-7923-000000005403}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010736Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:37:09.799{C36AC009-2245-65F0-7823-000000005403}368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010735Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:37:09.029{C36AC009-2245-65F0-7723-000000005403}688C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010734Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:37:08.279{C36AC009-2244-65F0-7623-000000005403}4448C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010733Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:36:11.215{C36AC009-220B-65F0-7523-000000005403}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010732Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:36:10.542{C36AC009-220A-65F0-7423-000000005403}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010731Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:36:09.792{C36AC009-2209-65F0-7323-000000005403}3816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010730Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:36:09.042{C36AC009-2209-65F0-7223-000000005403}2900C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010729Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:36:08.267{C36AC009-2208-65F0-7123-000000005403}592C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010728Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:35:11.208{C36AC009-21CF-65F0-7023-000000005403}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010727Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:35:10.518{C36AC009-21CE-65F0-6F23-000000005403}4860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010726Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:35:09.767{C36AC009-21CD-65F0-6E23-000000005403}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010725Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:35:09.007{C36AC009-21CD-65F0-6D23-000000005403}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010724Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:35:08.257{C36AC009-21CC-65F0-6C23-000000005403}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010723Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:34:12.670{C36AC009-2194-65F0-6B23-000000005403}5084C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010722Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:34:12.631{C36AC009-2194-65F0-6A23-000000005403}4408C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010721Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:34:12.593{C36AC009-2194-65F0-6923-000000005403}4788C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010720Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:34:12.528{C36AC009-2194-65F0-6723-000000005403}4800C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010719Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:34:11.173{C36AC009-2193-65F0-6623-000000005403}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010718Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:34:10.417{C36AC009-2192-65F0-6523-000000005403}3624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010717Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:34:09.659{C36AC009-2191-65F0-6423-000000005403}1088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010716Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:34:08.981{C36AC009-2190-65F0-6323-000000005403}600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010715Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:34:08.231{C36AC009-2190-65F0-6223-000000005403}4828C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010714Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:33:11.107{C36AC009-2157-65F0-6123-000000005403}4236C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010713Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:33:10.497{C36AC009-2156-65F0-6023-000000005403}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010712Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:33:09.738{C36AC009-2155-65F0-5F23-000000005403}308C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010711Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:33:08.982{C36AC009-2154-65F0-5E23-000000005403}4020C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010710Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:33:08.232{C36AC009-2154-65F0-5D23-000000005403}5096C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010709Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:32:11.288{C36AC009-211B-65F0-5C23-000000005403}4948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010708Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:32:10.516{C36AC009-211A-65F0-5B23-000000005403}2344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010707Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:32:09.750{C36AC009-2119-65F0-5A23-000000005403}2668C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010706Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:32:08.994{C36AC009-2118-65F0-5923-000000005403}696C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010705Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:32:08.237{C36AC009-2118-65F0-5823-000000005403}2300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010704Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:31:11.273{C36AC009-20DF-65F0-5723-000000005403}2996C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010703Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:31:10.507{C36AC009-20DE-65F0-5623-000000005403}3816C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010702Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:31:09.743{C36AC009-20DD-65F0-5523-000000005403}2900C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010701Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:31:08.989{C36AC009-20DC-65F0-5423-000000005403}3048C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010700Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:31:08.239{C36AC009-20DC-65F0-5323-000000005403}3788C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010699Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:30:11.192{C36AC009-20A3-65F0-5223-000000005403}3392C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010698Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:30:10.434{C36AC009-20A2-65F0-5123-000000005403}3740C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010697Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:30:09.677{C36AC009-20A1-65F0-5023-000000005403}4300C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010696Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:30:08.986{C36AC009-20A0-65F0-4F23-000000005403}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010695Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:30:08.236{C36AC009-20A0-65F0-4E23-000000005403}3820C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010694Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:29:12.667{C36AC009-2068-65F0-4D23-000000005403}4336C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010693Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:29:12.627{C36AC009-2068-65F0-4C23-000000005403}1228C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010692Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:29:12.590{C36AC009-2068-65F0-4B23-000000005403}588C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010691Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:29:12.525{C36AC009-2068-65F0-4923-000000005403}3712C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010690Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:29:11.128{C36AC009-2067-65F0-4823-000000005403}3628C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010689Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:29:10.378{C36AC009-2066-65F0-4723-000000005403}5000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010688Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:29:09.628{C36AC009-2065-65F0-4623-000000005403}3960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010687Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:29:08.985{C36AC009-2064-65F0-4523-000000005403}364C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010686Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:29:08.223{C36AC009-2064-65F0-4423-000000005403}3812C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010685Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:28:11.087{C36AC009-202B-65F0-4323-000000005403}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010684Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:28:10.328{C36AC009-202A-65F0-4223-000000005403}1976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010683Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:28:09.586{C36AC009-2029-65F0-4123-000000005403}3696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010682Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:28:08.975{C36AC009-2028-65F0-4023-000000005403}3132C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010681Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:28:08.214{C36AC009-2028-65F0-3F23-000000005403}4972C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010680Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:27:11.078{C36AC009-1FEF-65F0-3E23-000000005403}4892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010679Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:27:10.320{C36AC009-1FEE-65F0-3D23-000000005403}4272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010678Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:27:09.570{C36AC009-1FED-65F0-3C23-000000005403}5084C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010677Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:27:08.967{C36AC009-1FEC-65F0-3B23-000000005403}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010676Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:27:08.199{C36AC009-1FEC-65F0-3A23-000000005403}5068C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010675Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:26:11.242{C36AC009-1FB3-65F0-3923-000000005403}2996C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010674Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:26:10.462{C36AC009-1FB2-65F0-3823-000000005403}2084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010673Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:26:09.702{C36AC009-1FB1-65F0-3723-000000005403}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010672Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:26:08.944{C36AC009-1FB0-65F0-3623-000000005403}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010671Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:26:08.188{C36AC009-1FB0-65F0-3523-000000005403}3876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010670Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:25:11.158{C36AC009-1F77-65F0-3423-000000005403}1484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010669Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:25:10.411{C36AC009-1F76-65F0-3323-000000005403}380C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010668Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:25:09.674{C36AC009-1F75-65F0-3223-000000005403}4404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010667Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:25:08.924{C36AC009-1F74-65F0-3123-000000005403}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010666Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:25:08.174{C36AC009-1F74-65F0-3023-000000005403}2392C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010665Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:24:12.664{C36AC009-1F3C-65F0-2F23-000000005403}3320C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010664Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:24:12.624{C36AC009-1F3C-65F0-2E23-000000005403}4740C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010663Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:24:12.587{C36AC009-1F3C-65F0-2D23-000000005403}4536C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010662Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:24:12.522{C36AC009-1F3C-65F0-2B23-000000005403}4348C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010661Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:24:10.662{C36AC009-1F3A-65F0-2A23-000000005403}3152C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010660Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:24:10.041{C36AC009-1F3A-65F0-2923-000000005403}848C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010659Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:24:09.416{C36AC009-1F39-65F0-2823-000000005403}764C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010658Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:24:08.791{C36AC009-1F38-65F0-2723-000000005403}1184C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010657Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:24:08.159{C36AC009-1F38-65F0-2623-000000005403}3288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010656Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:23:11.114{C36AC009-1EFF-65F0-2523-000000005403}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010655Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:23:10.364{C36AC009-1EFE-65F0-2423-000000005403}3036C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010654Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:23:09.614{C36AC009-1EFD-65F0-2323-000000005403}4812C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010653Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:23:08.903{C36AC009-1EFC-65F0-2223-000000005403}3132C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010652Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:23:08.137{C36AC009-1EFC-65F0-2123-000000005403}3476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010651Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:22:11.160{C36AC009-1EC3-65F0-2023-000000005403}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010650Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:22:10.397{C36AC009-1EC2-65F0-1F23-000000005403}2388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010649Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:22:09.647{C36AC009-1EC1-65F0-1E23-000000005403}5084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010648Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:22:08.885{C36AC009-1EC0-65F0-1D23-000000005403}372C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010647Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:22:08.122{C36AC009-1EC0-65F0-1C23-000000005403}4788C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010646Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:21:11.056{C36AC009-1E87-65F0-1B23-000000005403}4440C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010645Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:21:10.293{C36AC009-1E86-65F0-1A23-000000005403}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010644Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:21:09.546{C36AC009-1E85-65F0-1923-000000005403}3816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010643Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:21:08.873{C36AC009-1E84-65F0-1823-000000005403}2084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010642Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:21:08.110{C36AC009-1E84-65F0-1723-000000005403}4276C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010641Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:20:11.106{C36AC009-1E4B-65F0-1623-000000005403}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010640Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:20:10.356{C36AC009-1E4A-65F0-1523-000000005403}3740C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010639Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:20:09.608{C36AC009-1E49-65F0-1423-000000005403}2264C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010638Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:20:08.844{C36AC009-1E48-65F0-1323-000000005403}4380C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010637Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:20:08.094{C36AC009-1E48-65F0-1223-000000005403}1116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010636Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:19:12.661{C36AC009-1E10-65F0-1123-000000005403}3556C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010635Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:19:12.620{C36AC009-1E10-65F0-1023-000000005403}4336C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010634Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:19:12.584{C36AC009-1E10-65F0-0F23-000000005403}3004C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010633Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:19:12.519{C36AC009-1E10-65F0-0D23-000000005403}3320C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010632Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:19:10.984{C36AC009-1E0E-65F0-0C23-000000005403}4400C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010631Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:19:10.374{C36AC009-1E0E-65F0-0B23-000000005403}3656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010630Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:19:09.609{C36AC009-1E0D-65F0-0A23-000000005403}4348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010629Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:19:08.860{C36AC009-1E0C-65F0-0923-000000005403}4712C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010628Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:19:08.094{C36AC009-1E0C-65F0-0823-000000005403}2240C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010627Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:18:11.052{C36AC009-1DD3-65F0-0723-000000005403}4544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010626Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:18:10.287{C36AC009-1DD2-65F0-0623-000000005403}5036C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010625Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:18:09.523{C36AC009-1DD1-65F0-0523-000000005403}4460C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010624Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:18:08.820{C36AC009-1DD0-65F0-0423-000000005403}3956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010623Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:18:08.070{C36AC009-1DD0-65F0-0323-000000005403}4756C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010622Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:17:10.872{C36AC009-1D96-65F0-0223-000000005403}3456C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010621Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:17:10.245{C36AC009-1D96-65F0-0123-000000005403}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010620Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:17:09.558{C36AC009-1D95-65F0-0023-000000005403}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010619Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:17:08.808{C36AC009-1D94-65F0-FF22-000000005403}4352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010618Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:17:08.055{C36AC009-1D94-65F0-FE22-000000005403}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010617Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:16:10.917{C36AC009-1D5A-65F0-FD22-000000005403}3864C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010616Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:16:10.307{C36AC009-1D5A-65F0-FC22-000000005403}2164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010615Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:16:09.556{C36AC009-1D59-65F0-FB22-000000005403}4500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010614Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:16:08.806{C36AC009-1D58-65F0-FA22-000000005403}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010613Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:16:08.040{C36AC009-1D58-65F0-F922-000000005403}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010612Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:15:10.872{C36AC009-1D1E-65F0-F822-000000005403}2504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010611Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:15:10.246{C36AC009-1D1E-65F0-F722-000000005403}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010610Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:15:09.557{C36AC009-1D1D-65F0-F622-000000005403}4100C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010609Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:15:08.791{C36AC009-1D1C-65F0-F522-000000005403}1484C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010608Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:15:08.041{C36AC009-1D1C-65F0-F422-000000005403}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010607Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:14:12.658{C36AC009-1CE4-65F0-F322-000000005403}4788C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010606Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:14:12.618{C36AC009-1CE4-65F0-F222-000000005403}1140C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010605Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:14:12.581{C36AC009-1CE4-65F0-F122-000000005403}376C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010604Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:14:12.516{C36AC009-1CE4-65F0-EF22-000000005403}340C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010603Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:14:11.055{C36AC009-1CE3-65F0-EE22-000000005403}328C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010602Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:14:10.303{C36AC009-1CE2-65F0-ED22-000000005403}3188C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010601Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:14:09.551{C36AC009-1CE1-65F0-EC22-000000005403}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010600Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:14:08.801{C36AC009-1CE0-65F0-EB22-000000005403}3460C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010599Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:14:08.049{C36AC009-1CE0-65F0-EA22-000000005403}1568C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010598Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:13:10.940{C36AC009-1CA6-65F0-E922-000000005403}4424C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010597Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:13:10.314{C36AC009-1CA6-65F0-E822-000000005403}4504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010596Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:13:09.558{C36AC009-1CA5-65F0-E722-000000005403}2816C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010595Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:13:08.808{C36AC009-1CA4-65F0-E622-000000005403}4464C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010594Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:13:08.043{C36AC009-1CA4-65F0-E522-000000005403}2124C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010593Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:12:10.929{C36AC009-1C6A-65F0-E422-000000005403}1868C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010592Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:12:10.319{C36AC009-1C6A-65F0-E322-000000005403}1604C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010591Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:12:09.566{C36AC009-1C69-65F0-E222-000000005403}4576C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010590Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:12:08.813{C36AC009-1C68-65F0-E122-000000005403}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010589Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:12:08.047{C36AC009-1C68-65F0-E022-000000005403}1132C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010588Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:11:11.057{C36AC009-1C2F-65F0-DF22-000000005403}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010587Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:11:10.303{C36AC009-1C2E-65F0-DE22-000000005403}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010586Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:11:09.550{C36AC009-1C2D-65F0-DD22-000000005403}848C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010585Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:11:08.800{C36AC009-1C2C-65F0-DC22-000000005403}5072C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010584Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:11:08.042{C36AC009-1C2C-65F0-DB22-000000005403}4820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010583Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:10:10.545{C36AC009-1BF2-65F0-DA22-000000005403}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010582Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:10:09.920{C36AC009-1BF1-65F0-D922-000000005403}3412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010581Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:10:09.306{C36AC009-1BF1-65F0-D822-000000005403}4416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010580Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:10:08.681{C36AC009-1BF0-65F0-D722-000000005403}3088C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010579Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:10:08.020{C36AC009-1BF0-65F0-D622-000000005403}924C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010578Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:09:12.648{C36AC009-1BB8-65F0-D522-000000005403}696C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010577Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:09:12.608{C36AC009-1BB8-65F0-D422-000000005403}2196C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010576Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:09:12.572{C36AC009-1BB8-65F0-D322-000000005403}4872C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010575Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:09:12.506{C36AC009-1BB8-65F0-D122-000000005403}3744C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010574Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:09:10.891{C36AC009-1BB6-65F0-D022-000000005403}3864C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010573Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:09:10.279{C36AC009-1BB6-65F0-CF22-000000005403}4432C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010572Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:09:09.529{C36AC009-1BB5-65F0-CE22-000000005403}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010571Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:09:08.763{C36AC009-1BB4-65F0-CD22-000000005403}4456C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010570Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:09:08.003{C36AC009-1BB4-65F0-CC22-000000005403}5012C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010569Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:08:11.033{C36AC009-1B7B-65F0-CB22-000000005403}3260C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010568Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:08:10.274{C36AC009-1B7A-65F0-CA22-000000005403}3608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010567Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:08:09.519{C36AC009-1B79-65F0-C922-000000005403}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010566Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:08:08.763{C36AC009-1B78-65F0-C822-000000005403}2660C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010565Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:08:07.998{C36AC009-1B77-65F0-C722-000000005403}4624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010564Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:07:11.013{C36AC009-1B3F-65F0-C622-000000005403}2100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010563Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:07:10.257{C36AC009-1B3E-65F0-C522-000000005403}3348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010562Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:07:09.492{C36AC009-1B3D-65F0-C422-000000005403}4568C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010561Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:07:08.735{C36AC009-1B3C-65F0-C322-000000005403}368C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010560Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:07:07.979{C36AC009-1B3B-65F0-C222-000000005403}2336C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010559Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:06:10.868{C36AC009-1B02-65F0-C122-000000005403}4332C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010558Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:06:10.118{C36AC009-1B02-65F0-C022-000000005403}3188C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010557Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:06:09.377{C36AC009-1B01-65F0-BF22-000000005403}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010556Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:06:08.729{C36AC009-1B00-65F0-BE22-000000005403}1876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010555Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:06:07.979{C36AC009-1AFF-65F0-BD22-000000005403}4308C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010554Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:05:10.990{C36AC009-1AC6-65F0-BC22-000000005403}2076C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010553Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:05:10.248{C36AC009-1AC6-65F0-BB22-000000005403}3740C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010552Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:05:09.490{C36AC009-1AC5-65F0-BA22-000000005403}4724C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010551Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:05:08.725{C36AC009-1AC4-65F0-B922-000000005403}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010550Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:05:07.969{C36AC009-1AC3-65F0-B822-000000005403}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010549Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:04:12.641{C36AC009-1A8C-65F0-B722-000000005403}2272C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010548Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:04:12.602{C36AC009-1A8C-65F0-B622-000000005403}1604C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010547Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:04:12.566{C36AC009-1A8C-65F0-B522-000000005403}2344C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010546Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:04:12.501{C36AC009-1A8C-65F0-B322-000000005403}688C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010545Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:04:10.993{C36AC009-1A8A-65F0-B222-000000005403}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010544Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:04:10.399{C36AC009-1A8A-65F0-B122-000000005403}4396C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010543Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:04:09.649{C36AC009-1A89-65F0-B022-000000005403}4236C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010542Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:04:08.883{C36AC009-1A88-65F0-AF22-000000005403}304C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010541Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:04:08.117{C36AC009-1A88-65F0-AE22-000000005403}3976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010540Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:03:11.119{C36AC009-1A4F-65F0-AD22-000000005403}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010539Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:03:10.369{C36AC009-1A4E-65F0-AC22-000000005403}4828C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010538Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:03:09.610{C36AC009-1A4D-65F0-AB22-000000005403}2164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010537Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:03:08.851{C36AC009-1A4C-65F0-AA22-000000005403}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010536Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:03:08.101{C36AC009-1A4C-65F0-A922-000000005403}3372C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010535Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:02:11.113{C36AC009-1A13-65F0-A822-000000005403}1008C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010534Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:02:10.360{C36AC009-1A12-65F0-A722-000000005403}2520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010533Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:02:09.610{C36AC009-1A11-65F0-A622-000000005403}1944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010532Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:02:08.844{C36AC009-1A10-65F0-A522-000000005403}1540C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010531Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:02:08.085{C36AC009-1A10-65F0-A422-000000005403}4380C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010530Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:01:10.978{C36AC009-19D6-65F0-A322-000000005403}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010529Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:01:10.228{C36AC009-19D6-65F0-A222-000000005403}2056C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010528Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:01:09.463{C36AC009-19D5-65F0-A122-000000005403}2268C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010527Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:01:08.846{C36AC009-19D4-65F0-A022-000000005403}2456C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010526Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:01:08.080{C36AC009-19D4-65F0-9F22-000000005403}4552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010525Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:00:11.039{C36AC009-199B-65F0-9E22-000000005403}3668C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010524Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:00:10.351{C36AC009-199A-65F0-9D22-000000005403}4400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010523Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:00:09.579{C36AC009-1999-65F0-9C22-000000005403}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010522Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:00:08.814{C36AC009-1998-65F0-9B22-000000005403}4260C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010521Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 09:00:08.064{C36AC009-1998-65F0-9A22-000000005403}4524C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010520Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:59:12.632{C36AC009-1960-65F0-9922-000000005403}4300C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010519Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:59:12.592{C36AC009-1960-65F0-9822-000000005403}3984C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010518Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:59:12.556{C36AC009-1960-65F0-9722-000000005403}3900C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010517Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:59:12.491{C36AC009-1960-65F0-9522-000000005403}1540C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010516Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:59:10.938{C36AC009-195E-65F0-9422-000000005403}4164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010515Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:59:10.182{C36AC009-195E-65F0-9322-000000005403}1460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010514Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:59:09.416{C36AC009-195D-65F0-9222-000000005403}356C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010513Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:59:08.822{C36AC009-195C-65F0-9122-000000005403}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010512Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:59:08.061{C36AC009-195C-65F0-9022-000000005403}4768C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010511Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:58:11.054{C36AC009-1923-65F0-8F22-000000005403}4064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010510Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:58:10.304{C36AC009-1922-65F0-8E22-000000005403}484C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010509Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:58:09.547{C36AC009-1921-65F0-8D22-000000005403}2992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010508Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:58:08.797{C36AC009-1920-65F0-8C22-000000005403}4704C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010507Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:58:08.047{C36AC009-1920-65F0-8B22-000000005403}2912C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010506Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:57:11.024{C36AC009-18E7-65F0-8A22-000000005403}2216C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010505Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:57:10.304{C36AC009-18E6-65F0-8922-000000005403}4984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010504Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:57:09.546{C36AC009-18E5-65F0-8822-000000005403}380C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010503Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:57:08.796{C36AC009-18E4-65F0-8722-000000005403}4360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010502Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:57:08.033{C36AC009-18E4-65F0-8622-000000005403}4448C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010501Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:56:11.042{C36AC009-18AB-65F0-8522-000000005403}2300C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010500Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:56:10.279{C36AC009-18AA-65F0-8422-000000005403}4856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010499Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:56:09.530{C36AC009-18A9-65F0-8322-000000005403}5068C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010498Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:56:08.798{C36AC009-18A8-65F0-8222-000000005403}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010497Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:56:08.035{C36AC009-18A8-65F0-8122-000000005403}3520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010496Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:55:11.058{C36AC009-186F-65F0-8022-000000005403}4676C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010495Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:55:10.295{C36AC009-186E-65F0-7F22-000000005403}2504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010494Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:55:09.545{C36AC009-186D-65F0-7E22-000000005403}4912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010493Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:55:08.781{C36AC009-186C-65F0-7D22-000000005403}3748C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010492Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:55:08.018{C36AC009-186C-65F0-7C22-000000005403}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010491Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:54:12.623{C36AC009-1834-65F0-7B22-000000005403}4204C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010490Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:54:12.584{C36AC009-1834-65F0-7A22-000000005403}1000C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010489Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:54:12.548{C36AC009-1834-65F0-7922-000000005403}1348C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010488Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:54:12.483{C36AC009-1834-65F0-7722-000000005403}4144C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010487Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:54:11.026{C36AC009-1833-65F0-7622-000000005403}2272C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010486Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:54:10.277{C36AC009-1832-65F0-7522-000000005403}2976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010485Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:54:09.527{C36AC009-1831-65F0-7422-000000005403}3148C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010484Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:54:08.763{C36AC009-1830-65F0-7322-000000005403}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010483Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:54:07.998{C36AC009-182F-65F0-7222-000000005403}688C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010482Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:53:10.946{C36AC009-17F6-65F0-7122-000000005403}300C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010481Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:53:10.181{C36AC009-17F6-65F0-7022-000000005403}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010480Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:53:09.416{C36AC009-17F5-65F0-6F22-000000005403}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010479Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:53:08.759{C36AC009-17F4-65F0-6E22-000000005403}3048C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010478Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:53:07.994{C36AC009-17F3-65F0-6D22-000000005403}4260C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010477Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:52:10.982{C36AC009-17BA-65F0-6C22-000000005403}1404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010476Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:52:10.217{C36AC009-17BA-65F0-6B22-000000005403}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010475Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:52:09.451{C36AC009-17B9-65F0-6A22-000000005403}4324C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010474Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:52:08.748{C36AC009-17B8-65F0-6922-000000005403}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010473Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:52:07.983{C36AC009-17B7-65F0-6822-000000005403}996C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010472Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:51:10.914{C36AC009-177E-65F0-6722-000000005403}4924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010471Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:51:10.148{C36AC009-177E-65F0-6622-000000005403}3332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010470Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:51:09.383{C36AC009-177D-65F0-6522-000000005403}3448C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010469Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:51:08.726{C36AC009-177C-65F0-6422-000000005403}4640C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010468Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:51:07.976{C36AC009-177B-65F0-6322-000000005403}4336C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010467Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:50:10.922{C36AC009-1742-65F0-6222-000000005403}4624C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010466Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:50:10.218{C36AC009-1742-65F0-6122-000000005403}4668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010465Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:50:09.468{C36AC009-1741-65F0-6022-000000005403}892C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010464Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:50:08.717{C36AC009-1740-65F0-5F22-000000005403}4464C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010463Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:50:07.967{C36AC009-173F-65F0-5E22-000000005403}1264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010462Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:49:12.621{C36AC009-1708-65F0-5D22-000000005403}4648C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010461Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:49:12.581{C36AC009-1708-65F0-5C22-000000005403}1124C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010460Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:49:12.545{C36AC009-1708-65F0-5B22-000000005403}3444C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010459Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:49:12.480{C36AC009-1708-65F0-5922-000000005403}4268C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010458Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:49:10.893{C36AC009-1706-65F0-5822-000000005403}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010457Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:49:10.221{C36AC009-1706-65F0-5722-000000005403}3660C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010456Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:49:09.469{C36AC009-1705-65F0-5622-000000005403}4272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010455Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:49:08.719{C36AC009-1704-65F0-5522-000000005403}4296C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010454Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:49:07.969{C36AC009-1703-65F0-5422-000000005403}4256C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010453Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:48:10.977{C36AC009-16CA-65F0-5322-000000005403}2080C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010452Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:48:10.225{C36AC009-16CA-65F0-5222-000000005403}3372C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010451Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:48:09.473{C36AC009-16C9-65F0-5122-000000005403}1056C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010450Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:48:08.706{C36AC009-16C8-65F0-5022-000000005403}3540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010449Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:48:07.954{C36AC009-16C7-65F0-4F22-000000005403}4424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010448Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:47:10.969{C36AC009-168E-65F0-4E22-000000005403}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010447Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:47:10.216{C36AC009-168E-65F0-4D22-000000005403}948C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010446Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:47:09.464{C36AC009-168D-65F0-4C22-000000005403}996C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010445Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:47:08.714{C36AC009-168C-65F0-4B22-000000005403}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010444Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:47:07.959{C36AC009-168B-65F0-4A22-000000005403}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010443Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:46:10.971{C36AC009-1652-65F0-4922-000000005403}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010442Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:46:10.221{C36AC009-1652-65F0-4822-000000005403}1948C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010441Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:46:09.469{C36AC009-1651-65F0-4722-000000005403}4192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010440Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:46:08.727{C36AC009-1650-65F0-4622-000000005403}4552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010439Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:46:07.962{C36AC009-164F-65F0-4522-000000005403}3152C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010438Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:45:10.964{C36AC009-1616-65F0-4422-000000005403}4652C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010437Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:45:10.199{C36AC009-1616-65F0-4322-000000005403}892C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010436Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:45:09.439{C36AC009-1615-65F0-4222-000000005403}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010435Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:45:08.685{C36AC009-1614-65F0-4122-000000005403}3056C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010434Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:45:07.933{C36AC009-1613-65F0-4022-000000005403}4728C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010433Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:44:12.604{C36AC009-15DC-65F0-3F22-000000005403}4140C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010432Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:44:12.564{C36AC009-15DC-65F0-3E22-000000005403}1404C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010431Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:44:12.528{C36AC009-15DC-65F0-3D22-000000005403}1868C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010430Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:44:12.463{C36AC009-15DC-65F0-3B22-000000005403}2272C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010429Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:44:10.968{C36AC009-15DA-65F0-3A22-000000005403}1604C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010428Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:44:10.217{C36AC009-15DA-65F0-3922-000000005403}4888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010427Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:44:09.451{C36AC009-15D9-65F0-3822-000000005403}4272C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010426Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:44:08.686{C36AC009-15D8-65F0-3722-000000005403}2388C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010425Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:44:07.926{C36AC009-15D7-65F0-3622-000000005403}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010424Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:43:10.843{C36AC009-159E-65F0-3522-000000005403}4780C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010423Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:43:10.072{C36AC009-159E-65F0-3422-000000005403}3848C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010422Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:43:09.318{C36AC009-159D-65F0-3322-000000005403}1056C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010421Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:43:08.676{C36AC009-159C-65F0-3222-000000005403}4220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010420Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:43:07.926{C36AC009-159B-65F0-3122-000000005403}4624C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010419Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:42:10.846{C36AC009-1562-65F0-3022-000000005403}4184C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010418Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:42:10.100{C36AC009-1562-65F0-2F22-000000005403}3820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010417Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:42:09.345{C36AC009-1561-65F0-2E22-000000005403}4432C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010416Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:42:08.657{C36AC009-1560-65F0-2D22-000000005403}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010415Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:42:07.901{C36AC009-155F-65F0-2C22-000000005403}4828C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010414Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:41:10.833{C36AC009-1526-65F0-2B22-000000005403}4924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010413Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:41:10.139{C36AC009-1526-65F0-2A22-000000005403}2828C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010412Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:41:09.389{C36AC009-1525-65F0-2922-000000005403}136C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010411Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:41:08.642{C36AC009-1524-65F0-2822-000000005403}2444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010410Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:41:07.892{C36AC009-1523-65F0-2722-000000005403}3360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010409Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:40:10.917{C36AC009-14EA-65F0-2622-000000005403}4916C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010408Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:40:10.160{C36AC009-14EA-65F0-2522-000000005403}3368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010407Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:40:09.403{C36AC009-14E9-65F0-2422-000000005403}1020C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010406Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:40:08.646{C36AC009-14E8-65F0-2322-000000005403}4584C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010405Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:40:07.880{C36AC009-14E7-65F0-2222-000000005403}3972C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010404Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:39:12.600{C36AC009-14B0-65F0-2122-000000005403}1776C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010403Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:39:12.560{C36AC009-14B0-65F0-2022-000000005403}3484C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010402Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:39:12.523{C36AC009-14B0-65F0-1F22-000000005403}4408C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010401Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:39:12.458{C36AC009-14B0-65F0-1D22-000000005403}4768C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010400Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:39:10.757{C36AC009-14AE-65F0-1C22-000000005403}3960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010399Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:39:10.155{C36AC009-14AE-65F0-1B22-000000005403}4600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010398Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:39:09.390{C36AC009-14AD-65F0-1A22-000000005403}2676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010397Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:39:08.640{C36AC009-14AC-65F0-1922-000000005403}4492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010396Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:39:07.882{C36AC009-14AB-65F0-1822-000000005403}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010395Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:38:10.789{C36AC009-1472-65F0-1722-000000005403}5080C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010394Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:38:10.146{C36AC009-1472-65F0-1622-000000005403}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010393Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:38:09.387{C36AC009-1471-65F0-1522-000000005403}4920C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010392Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:38:08.629{C36AC009-1470-65F0-1422-000000005403}4844C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010391Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:38:07.871{C36AC009-146F-65F0-1322-000000005403}1184C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010390Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:37:10.909{C36AC009-1436-65F0-1222-000000005403}2264C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010389Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:37:10.142{C36AC009-1436-65F0-1122-000000005403}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010388Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:37:09.384{C36AC009-1435-65F0-1022-000000005403}948C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010387Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:37:08.625{C36AC009-1434-65F0-0F22-000000005403}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010386Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:37:07.866{C36AC009-1433-65F0-0E22-000000005403}2100C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010385Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:36:10.916{C36AC009-13FA-65F0-0D22-000000005403}4608C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010384Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:36:10.150{C36AC009-13FA-65F0-0C22-000000005403}4212C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010383Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:36:09.382{C36AC009-13F9-65F0-0B22-000000005403}2196C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010382Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:36:08.623{C36AC009-13F8-65F0-0A22-000000005403}5068C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010381Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:36:07.857{C36AC009-13F7-65F0-0922-000000005403}3520C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010380Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:35:10.782{C36AC009-13BE-65F0-0822-000000005403}2184C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010379Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:35:10.110{C36AC009-13BE-65F0-0722-000000005403}3540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010378Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:35:09.350{C36AC009-13BD-65F0-0622-000000005403}2076C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010377Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:35:08.596{C36AC009-13BC-65F0-0522-000000005403}216C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010376Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:35:07.846{C36AC009-13BB-65F0-0422-000000005403}664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010375Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:34:12.590{C36AC009-1384-65F0-0322-000000005403}4368C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010374Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:34:12.550{C36AC009-1384-65F0-0222-000000005403}4204C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010373Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:34:12.515{C36AC009-1384-65F0-0122-000000005403}2100C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010372Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:34:12.451{C36AC009-1384-65F0-FF21-000000005403}3008C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010371Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:34:10.877{C36AC009-1382-65F0-FE21-000000005403}2912C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010370Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:34:10.101{C36AC009-1382-65F0-FD21-000000005403}4628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010369Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:34:09.340{C36AC009-1381-65F0-FC21-000000005403}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010368Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:34:08.590{C36AC009-1380-65F0-FB21-000000005403}1868C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010367Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:34:07.835{C36AC009-137F-65F0-FA21-000000005403}3768C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010366Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:33:10.734{C36AC009-1346-65F0-F921-000000005403}3360C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010365Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:33:10.095{C36AC009-1346-65F0-F821-000000005403}4232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010364Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:33:09.345{C36AC009-1345-65F0-F721-000000005403}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010363Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:33:08.579{C36AC009-1344-65F0-F621-000000005403}1176C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010362Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:33:07.827{C36AC009-1343-65F0-F521-000000005403}424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010361Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:32:10.820{C36AC009-130A-65F0-F421-000000005403}3452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010360Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:32:10.075{C36AC009-130A-65F0-F321-000000005403}440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010359Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:32:09.324{C36AC009-1309-65F0-F221-000000005403}4100C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010358Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:32:08.562{C36AC009-1308-65F0-F121-000000005403}3160C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010357Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:32:07.805{C36AC009-1307-65F0-F021-000000005403}2984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010356Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:31:10.732{C36AC009-12CE-65F0-EF21-000000005403}4312C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010355Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:31:10.075{C36AC009-12CE-65F0-EE21-000000005403}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010354Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:31:09.313{C36AC009-12CD-65F0-ED21-000000005403}1960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010353Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:31:08.550{C36AC009-12CC-65F0-EC21-000000005403}4600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010352Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:31:07.800{C36AC009-12CB-65F0-EB21-000000005403}4244C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010351Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:30:10.742{C36AC009-1292-65F0-EA21-000000005403}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010350Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:30:09.976{C36AC009-1291-65F0-E921-000000005403}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010349Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:30:09.213{C36AC009-1291-65F0-E821-000000005403}3264C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010348Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:30:08.544{C36AC009-1290-65F0-E721-000000005403}4920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010347Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:30:07.794{C36AC009-128F-65F0-E621-000000005403}4524C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010346Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:29:12.588{C36AC009-1258-65F0-E521-000000005403}1172C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010345Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:29:12.548{C36AC009-1258-65F0-E421-000000005403}4972C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010344Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:29:12.512{C36AC009-1258-65F0-E321-000000005403}4180C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010343Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:29:12.448{C36AC009-1258-65F0-E121-000000005403}3116C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010342Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:29:10.690{C36AC009-1256-65F0-E021-000000005403}4112C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010341Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:29:10.090{C36AC009-1256-65F0-DF21-000000005403}588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010340Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:29:09.324{C36AC009-1255-65F0-DE21-000000005403}4384C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010339Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:29:08.558{C36AC009-1254-65F0-DD21-000000005403}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010338Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:29:07.795{C36AC009-1253-65F0-DC21-000000005403}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010337Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:28:10.733{C36AC009-121A-65F0-DB21-000000005403}4208C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010336Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:28:10.062{C36AC009-121A-65F0-DA21-000000005403}2388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010335Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:28:09.312{C36AC009-1219-65F0-D921-000000005403}4212C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010334Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:28:08.542{C36AC009-1218-65F0-D821-000000005403}3332C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010333Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:28:07.794{C36AC009-1217-65F0-D721-000000005403}2724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010332Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:27:10.842{C36AC009-11DE-65F0-D621-000000005403}4540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010331Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:27:10.084{C36AC009-11DE-65F0-D521-000000005403}3624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010330Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:27:09.320{C36AC009-11DD-65F0-D421-000000005403}2104C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010329Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:27:08.554{C36AC009-11DC-65F0-D321-000000005403}3600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010328Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:27:07.789{C36AC009-11DB-65F0-D221-000000005403}892C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010327Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:26:10.666{C36AC009-11A2-65F0-D121-000000005403}4372C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010326Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:26:10.063{C36AC009-11A2-65F0-D021-000000005403}2820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010325Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:26:09.313{C36AC009-11A1-65F0-CF21-000000005403}4820C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010324Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:26:08.548{C36AC009-11A0-65F0-CE21-000000005403}2348C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010323Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:26:07.798{C36AC009-119F-65F0-CD21-000000005403}1776C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010322Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:25:10.664{C36AC009-1166-65F0-CC21-000000005403}5040C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010321Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:25:10.037{C36AC009-1166-65F0-CB21-000000005403}4504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010320Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:25:09.287{C36AC009-1165-65F0-CA21-000000005403}3520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010319Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:25:08.536{C36AC009-1164-65F0-C921-000000005403}1140C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010318Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:25:07.786{C36AC009-1163-65F0-C821-000000005403}4336C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010317Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:24:12.588{C36AC009-112C-65F0-C721-000000005403}1064C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010316Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:24:12.547{C36AC009-112C-65F0-C621-000000005403}1476C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010315Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:24:12.509{C36AC009-112C-65F0-C521-000000005403}1264C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010314Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:24:12.444{C36AC009-112C-65F0-C321-000000005403}4792C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010313Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:24:10.827{C36AC009-112A-65F0-C221-000000005403}2904C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010312Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:24:10.053{C36AC009-112A-65F0-C121-000000005403}2176C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010311Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:24:09.290{C36AC009-1129-65F0-C021-000000005403}380C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010310Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:24:08.540{C36AC009-1128-65F0-BF21-000000005403}212C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010309Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:24:07.789{C36AC009-1127-65F0-BE21-000000005403}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010308Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:23:10.818{C36AC009-10EE-65F0-BD21-000000005403}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010307Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:23:10.052{C36AC009-10EE-65F0-BC21-000000005403}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010306Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:23:09.294{C36AC009-10ED-65F0-BB21-000000005403}4432C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010305Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:23:08.541{C36AC009-10EC-65F0-BA21-000000005403}3032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010304Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:23:07.775{C36AC009-10EB-65F0-B921-000000005403}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010303Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:22:10.716{C36AC009-10B2-65F0-B821-000000005403}1088C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010302Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:22:10.059{C36AC009-10B2-65F0-B721-000000005403}976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010301Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:22:09.298{C36AC009-10B1-65F0-B621-000000005403}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010300Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:22:08.545{C36AC009-10B0-65F0-B521-000000005403}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010299Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:22:07.779{C36AC009-10AF-65F0-B421-000000005403}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010298Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:21:10.815{C36AC009-1076-65F0-B321-000000005403}2216C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010297Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:21:10.047{C36AC009-1076-65F0-B221-000000005403}436C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010296Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:21:09.295{C36AC009-1075-65F0-B121-000000005403}380C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010295Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:21:08.532{C36AC009-1074-65F0-B021-000000005403}212C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010294Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:21:07.779{C36AC009-1073-65F0-AF21-000000005403}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010293Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:20:10.789{C36AC009-103A-65F0-AE21-000000005403}504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010292Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:20:10.035{C36AC009-103A-65F0-AD21-000000005403}3844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010291Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:20:09.282{C36AC009-1039-65F0-AC21-000000005403}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010290Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:20:08.525{C36AC009-1038-65F0-AB21-000000005403}2196C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010289Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:20:07.768{C36AC009-1037-65F0-AA21-000000005403}3668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010288Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:19:12.571{C36AC009-1000-65F0-A921-000000005403}4660C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010287Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:19:12.530{C36AC009-1000-65F0-A821-000000005403}1568C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010286Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:19:12.493{C36AC009-1000-65F0-A721-000000005403}3740C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010285Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:19:12.427{C36AC009-1000-65F0-A521-000000005403}4240C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010284Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:19:10.668{C36AC009-0FFE-65F0-A421-000000005403}1020C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010283Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:19:10.038{C36AC009-0FFE-65F0-A321-000000005403}4060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010282Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:19:09.288{C36AC009-0FFD-65F0-A221-000000005403}3412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010281Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:19:08.519{C36AC009-0FFC-65F0-A121-000000005403}3516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010280Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:19:07.755{C36AC009-0FFB-65F0-A021-000000005403}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010279Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:18:10.616{C36AC009-0FC2-65F0-9F21-000000005403}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010278Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:18:09.872{C36AC009-0FC1-65F0-9E21-000000005403}368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010277Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:18:09.107{C36AC009-0FC1-65F0-9D21-000000005403}5008C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010276Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:18:08.493{C36AC009-0FC0-65F0-9C21-000000005403}4800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010275Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:18:07.736{C36AC009-0FBF-65F0-9B21-000000005403}2040C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010274Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:17:10.746{C36AC009-0F86-65F0-9A21-000000005403}2736C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010273Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:17:09.980{C36AC009-0F85-65F0-9921-000000005403}2980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010272Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:17:09.225{C36AC009-0F85-65F0-9821-000000005403}3588C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010271Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:17:08.470{C36AC009-0F84-65F0-9721-000000005403}4660C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010270Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:17:07.723{C36AC009-0F83-65F0-9621-000000005403}2172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010269Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:16:10.496{C36AC009-0F4A-65F0-9521-000000005403}212C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010268Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:16:09.871{C36AC009-0F49-65F0-9421-000000005403}4972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010267Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:16:09.203{C36AC009-0F49-65F0-9321-000000005403}4236C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010266Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:16:08.453{C36AC009-0F48-65F0-9221-000000005403}2828C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010265Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:16:07.703{C36AC009-0F47-65F0-9121-000000005403}5016C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010264Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:15:10.516{C36AC009-0F0E-65F0-9021-000000005403}4444C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010263Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:15:09.901{C36AC009-0F0D-65F0-8F21-000000005403}4460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010262Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:15:09.206{C36AC009-0F0D-65F0-8E21-000000005403}4640C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010261Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:15:08.440{C36AC009-0F0C-65F0-8D21-000000005403}3864C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010260Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:15:07.690{C36AC009-0F0B-65F0-8C21-000000005403}3400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010259Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:14:12.556{C36AC009-0ED4-65F0-8B21-000000005403}4464C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010258Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:14:12.518{C36AC009-0ED4-65F0-8A21-000000005403}664C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010257Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:14:12.481{C36AC009-0ED4-65F0-8921-000000005403}1960C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010256Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:14:12.415{C36AC009-0ED4-65F0-8721-000000005403}4396C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010255Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:14:10.643{C36AC009-0ED2-65F0-8621-000000005403}3696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010254Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:14:09.884{C36AC009-0ED1-65F0-8521-000000005403}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010253Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:14:09.119{C36AC009-0ED1-65F0-8421-000000005403}436C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010252Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:14:08.431{C36AC009-0ED0-65F0-8321-000000005403}380C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010251Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:14:07.682{C36AC009-0ECF-65F0-8221-000000005403}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010250Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:13:10.696{C36AC009-0E96-65F0-8121-000000005403}2884C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010249Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:13:09.930{C36AC009-0E95-65F0-8021-000000005403}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010248Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:13:09.180{C36AC009-0E95-65F0-7F21-000000005403}4332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010247Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:13:08.431{C36AC009-0E94-65F0-7E21-000000005403}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010246Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:13:07.682{C36AC009-0E93-65F0-7D21-000000005403}3332C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010245Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:12:10.712{C36AC009-0E5A-65F0-7C21-000000005403}4676C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010244Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:12:09.962{C36AC009-0E59-65F0-7B21-000000005403}3824C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010243Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:12:09.204{C36AC009-0E59-65F0-7A21-000000005403}2168C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010242Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:12:08.454{C36AC009-0E58-65F0-7921-000000005403}4844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010241Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:12:07.696{C36AC009-0E57-65F0-7821-000000005403}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010240Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:11:10.744{C36AC009-0E1E-65F0-7721-000000005403}4728C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010239Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:11:10.095{C36AC009-0E1E-65F0-7621-000000005403}4568C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010238Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:11:09.336{C36AC009-0E1D-65F0-7521-000000005403}2476C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010237Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:11:08.586{C36AC009-0E1C-65F0-7421-000000005403}4112C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010236Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:11:07.827{C36AC009-0E1B-65F0-7321-000000005403}4164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010235Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:10:10.708{C36AC009-0DE2-65F0-7221-000000005403}2940C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010234Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:10:10.089{C36AC009-0DE2-65F0-7121-000000005403}3864C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010233Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:10:09.323{C36AC009-0DE1-65F0-7021-000000005403}3400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010232Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:10:08.564{C36AC009-0DE0-65F0-6F21-000000005403}1488C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010231Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:10:07.814{C36AC009-0DDF-65F0-6E21-000000005403}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010230Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:09:12.552{C36AC009-0DA8-65F0-6D21-000000005403}528C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010229Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:09:12.513{C36AC009-0DA8-65F0-6C21-000000005403}368C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010228Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:09:12.477{C36AC009-0DA8-65F0-6B21-000000005403}3148C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010227Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:09:12.412{C36AC009-0DA8-65F0-6921-000000005403}4396C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010226Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:09:10.839{C36AC009-0DA6-65F0-6821-000000005403}3516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010225Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:09:10.073{C36AC009-0DA6-65F0-6721-000000005403}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010224Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:09:09.319{C36AC009-0DA5-65F0-6621-000000005403}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010223Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:09:08.553{C36AC009-0DA4-65F0-6521-000000005403}440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010222Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:09:07.803{C36AC009-0DA3-65F0-6421-000000005403}4948C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010221Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:08:10.794{C36AC009-0D6A-65F0-6321-000000005403}2988C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010220Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:08:10.044{C36AC009-0D6A-65F0-6221-000000005403}3052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010219Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:08:09.295{C36AC009-0D69-65F0-6121-000000005403}2196C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010218Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:08:08.559{C36AC009-0D68-65F0-6021-000000005403}3668C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010217Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:08:07.809{C36AC009-0D67-65F0-5F21-000000005403}4276C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010216Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:07:10.867{C36AC009-0D2E-65F0-5E21-000000005403}2076C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010215Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:07:10.090{C36AC009-0D2E-65F0-5D21-000000005403}4744C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010214Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:07:09.329{C36AC009-0D2D-65F0-5C21-000000005403}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010213Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:07:08.563{C36AC009-0D2C-65F0-5B21-000000005403}4148C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010212Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:07:07.802{C36AC009-0D2B-65F0-5A21-000000005403}892C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010211Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:06:10.676{C36AC009-0CF2-65F0-5921-000000005403}4788C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010210Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:06:09.903{C36AC009-0CF1-65F0-5821-000000005403}4284C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010209Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:06:09.153{C36AC009-0CF1-65F0-5721-000000005403}4164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010208Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:06:08.559{C36AC009-0CF0-65F0-5621-000000005403}840C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010207Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:06:07.801{C36AC009-0CEF-65F0-5521-000000005403}4924C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010206Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:05:10.852{C36AC009-0CB6-65F0-5421-000000005403}3392C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010205Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:05:10.077{C36AC009-0CB6-65F0-5321-000000005403}2992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010204Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:05:09.319{C36AC009-0CB5-65F0-5221-000000005403}3544C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010203Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:05:08.563{C36AC009-0CB4-65F0-5121-000000005403}5036C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010202Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:05:07.800{C36AC009-0CB3-65F0-5021-000000005403}2820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010201Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:04:12.548{C36AC009-0C7C-65F0-4F21-000000005403}376C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010200Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:04:12.510{C36AC009-0C7C-65F0-4E21-000000005403}92C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010199Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:04:12.473{C36AC009-0C7C-65F0-4D21-000000005403}2376C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010198Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:04:12.408{C36AC009-0C7C-65F0-4B21-000000005403}400C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010197Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:04:10.798{C36AC009-0C7A-65F0-4A21-000000005403}4960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010196Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:04:10.032{C36AC009-0C7A-65F0-4921-000000005403}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010195Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:04:09.267{C36AC009-0C79-65F0-4821-000000005403}4588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010194Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:04:08.539{C36AC009-0C78-65F0-4721-000000005403}1484C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010193Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:04:07.780{C36AC009-0C77-65F0-4621-000000005403}4180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010192Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:03:10.813{C36AC009-0C3E-65F0-4521-000000005403}1820C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010191Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:03:10.051{C36AC009-0C3E-65F0-4421-000000005403}5020C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010190Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:03:09.291{C36AC009-0C3D-65F0-4321-000000005403}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010189Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:03:08.541{C36AC009-0C3C-65F0-4221-000000005403}5112C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010188Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:03:07.775{C36AC009-0C3B-65F0-4121-000000005403}3556C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010187Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:02:10.646{C36AC009-0C02-65F0-4021-000000005403}4124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010186Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:02:10.052{C36AC009-0C02-65F0-3F21-000000005403}1016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010185Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:02:09.289{C36AC009-0C01-65F0-3E21-000000005403}2168C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010184Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:02:08.539{C36AC009-0C00-65F0-3D21-000000005403}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010183Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:02:07.774{C36AC009-0BFF-65F0-3C21-000000005403}3600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010182Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:01:10.712{C36AC009-0BC6-65F0-3B21-000000005403}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010181Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:01:10.056{C36AC009-0BC6-65F0-3A21-000000005403}2156C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010180Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:01:09.276{C36AC009-0BC5-65F0-3921-000000005403}3108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010179Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:01:08.526{C36AC009-0BC4-65F0-3821-000000005403}4820C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010178Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:01:07.760{C36AC009-0BC3-65F0-3721-000000005403}4568C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010177Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:00:10.631{C36AC009-0B8A-65F0-3621-000000005403}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010176Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:00:09.865{C36AC009-0B89-65F0-3521-000000005403}3036C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010175Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:00:09.100{C36AC009-0B89-65F0-3421-000000005403}2352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010174Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:00:08.506{C36AC009-0B88-65F0-3321-000000005403}5080C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010173Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 08:00:07.756{C36AC009-0B87-65F0-3221-000000005403}2808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010172Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:59:12.545{C36AC009-0B50-65F0-3121-000000005403}2624C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010171Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:59:12.505{C36AC009-0B50-65F0-3021-000000005403}1056C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010170Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:59:12.469{C36AC009-0B50-65F0-2F21-000000005403}4644C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010169Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:59:12.404{C36AC009-0B50-65F0-2D21-000000005403}4148C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010168Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:59:10.758{C36AC009-0B4E-65F0-2C21-000000005403}4512C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010167Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:59:10.006{C36AC009-0B4E-65F0-2B21-000000005403}2724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010166Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:59:09.256{C36AC009-0B4D-65F0-2A21-000000005403}4352C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010165Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:59:08.491{C36AC009-0B4C-65F0-2921-000000005403}4584C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010164Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:59:07.739{C36AC009-0B4B-65F0-2821-000000005403}400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010163Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:58:10.747{C36AC009-0B12-65F0-2721-000000005403}2080C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010162Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:58:09.997{C36AC009-0B11-65F0-2621-000000005403}1124C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010161Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:58:09.246{C36AC009-0B11-65F0-2521-000000005403}4980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010160Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:58:08.495{C36AC009-0B10-65F0-2421-000000005403}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010159Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:58:07.729{C36AC009-0B0F-65F0-2321-000000005403}3772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010158Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:57:10.747{C36AC009-0AD6-65F0-2221-000000005403}1376C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010157Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:57:09.981{C36AC009-0AD5-65F0-2121-000000005403}2252C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010156Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:57:09.229{C36AC009-0AD5-65F0-2021-000000005403}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010155Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:57:08.463{C36AC009-0AD4-65F0-1F21-000000005403}1096C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010154Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:57:07.712{C36AC009-0AD3-65F0-1E21-000000005403}3368C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010153Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:56:10.706{C36AC009-0A9A-65F0-1D21-000000005403}2904C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010152Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:56:09.952{C36AC009-0A99-65F0-1C21-000000005403}1876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010151Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:56:09.202{C36AC009-0A99-65F0-1B21-000000005403}440C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010150Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:56:08.452{C36AC009-0A98-65F0-1A21-000000005403}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010149Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:56:07.698{C36AC009-0A97-65F0-1921-000000005403}3788C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010148Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:55:10.624{C36AC009-0A5E-65F0-1821-000000005403}600C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010147Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:55:09.871{C36AC009-0A5D-65F0-1721-000000005403}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010146Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:55:09.122{C36AC009-0A5D-65F0-1621-000000005403}4484C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010145Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:55:08.431{C36AC009-0A5C-65F0-1521-000000005403}3056C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010144Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:55:07.681{C36AC009-0A5B-65F0-1421-000000005403}1460C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010143Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:54:12.531{C36AC009-0A24-65F0-1321-000000005403}4904C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010142Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:54:12.492{C36AC009-0A24-65F0-1221-000000005403}3624C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010141Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:54:12.456{C36AC009-0A24-65F0-1121-000000005403}2272C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010140Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:54:12.391{C36AC009-0A24-65F0-0F21-000000005403}3768C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010139Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:54:10.744{C36AC009-0A22-65F0-0E21-000000005403}4544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010138Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:54:09.978{C36AC009-0A21-65F0-0D21-000000005403}4500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010137Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:54:09.225{C36AC009-0A21-65F0-0C21-000000005403}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010136Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:54:08.459{C36AC009-0A20-65F0-0B21-000000005403}4060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010135Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:54:07.694{C36AC009-0A1F-65F0-0A21-000000005403}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010134Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:53:10.707{C36AC009-09E6-65F0-0921-000000005403}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010133Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:53:09.957{C36AC009-09E5-65F0-0821-000000005403}2464C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010132Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:53:09.207{C36AC009-09E5-65F0-0721-000000005403}2308C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010131Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:53:08.449{C36AC009-09E4-65F0-0621-000000005403}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010130Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:53:07.683{C36AC009-09E3-65F0-0521-000000005403}3960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010129Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:52:10.593{C36AC009-09AA-65F0-0421-000000005403}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010128Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:52:09.833{C36AC009-09A9-65F0-0321-000000005403}3544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010127Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:52:09.068{C36AC009-09A9-65F0-0221-000000005403}3836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010126Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:52:08.427{C36AC009-09A8-65F0-0121-000000005403}484C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010125Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:52:07.677{C36AC009-09A7-65F0-0021-000000005403}2900C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010124Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:51:10.709{C36AC009-096E-65F0-FF20-000000005403}3956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010123Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:51:09.953{C36AC009-096D-65F0-FE20-000000005403}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010122Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:51:09.198{C36AC009-096D-65F0-FD20-000000005403}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010121Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:51:08.432{C36AC009-096C-65F0-FC20-000000005403}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010120Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:51:07.677{C36AC009-096B-65F0-FB20-000000005403}304C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010119Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:50:10.675{C36AC009-0932-65F0-FA20-000000005403}876C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010118Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:50:09.925{C36AC009-0931-65F0-F920-000000005403}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010117Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:50:09.175{C36AC009-0931-65F0-F820-000000005403}4548C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010116Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:50:08.412{C36AC009-0930-65F0-F720-000000005403}4440C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010115Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:50:07.662{C36AC009-092F-65F0-F620-000000005403}2300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010114Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:49:12.523{C36AC009-08F8-65F0-F520-000000005403}2820C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010113Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:49:12.482{C36AC009-08F8-65F0-F420-000000005403}3444C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010112Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:49:12.446{C36AC009-08F8-65F0-F320-000000005403}3636C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010111Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:49:12.381{C36AC009-08F8-65F0-F120-000000005403}5016C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010110Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:49:10.551{C36AC009-08F6-65F0-F020-000000005403}1724C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010109Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:49:09.910{C36AC009-08F5-65F0-EF20-000000005403}4324C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010108Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:49:09.160{C36AC009-08F5-65F0-EE20-000000005403}4872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010107Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:49:08.404{C36AC009-08F4-65F0-ED20-000000005403}4240C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010106Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:49:07.654{C36AC009-08F3-65F0-EC20-000000005403}2976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010105Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:48:10.627{C36AC009-08BA-65F0-EB20-000000005403}3088C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010104Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:48:09.871{C36AC009-08B9-65F0-EA20-000000005403}4476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010103Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:48:09.152{C36AC009-08B9-65F0-E920-000000005403}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010102Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:48:08.410{C36AC009-08B8-65F0-E820-000000005403}4716C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010101Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:48:07.660{C36AC009-08B7-65F0-E720-000000005403}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010100Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:47:10.681{C36AC009-087E-65F0-E620-000000005403}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010099Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:47:09.915{C36AC009-087D-65F0-E520-000000005403}4192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010098Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:47:09.158{C36AC009-087D-65F0-E420-000000005403}1996C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010097Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:47:08.400{C36AC009-087C-65F0-E320-000000005403}4420C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010096Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:47:07.650{C36AC009-087B-65F0-E220-000000005403}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010095Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:46:10.666{C36AC009-0842-65F0-E120-000000005403}2912C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010094Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:46:09.901{C36AC009-0841-65F0-E020-000000005403}4064C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010093Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:46:09.143{C36AC009-0841-65F0-DF20-000000005403}2076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010092Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:46:08.384{C36AC009-0840-65F0-DE20-000000005403}2620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010091Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:46:07.634{C36AC009-083F-65F0-DD20-000000005403}2888C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010090Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:45:10.534{C36AC009-0806-65F0-DC20-000000005403}3160C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010089Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:45:09.768{C36AC009-0805-65F0-DB20-000000005403}212C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010088Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:45:08.995{C36AC009-0804-65F0-DA20-000000005403}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010087Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:45:08.391{C36AC009-0804-65F0-D920-000000005403}1272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010086Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:45:07.641{C36AC009-0803-65F0-D820-000000005403}1580C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010085Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:44:12.509{C36AC009-07CC-65F0-D720-000000005403}5112C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010084Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:44:12.469{C36AC009-07CC-65F0-D620-000000005403}3744C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010083Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:44:12.432{C36AC009-07CC-65F0-D520-000000005403}4516C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010082Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:44:12.368{C36AC009-07CC-65F0-D320-000000005403}4672C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010081Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:44:10.556{C36AC009-07CA-65F0-D220-000000005403}1140C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010080Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:44:09.905{C36AC009-07C9-65F0-D120-000000005403}2808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010079Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:44:09.145{C36AC009-07C9-65F0-D020-000000005403}348C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010078Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:44:08.395{C36AC009-07C8-65F0-CF20-000000005403}3544C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010077Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:44:07.636{C36AC009-07C7-65F0-CE20-000000005403}3568C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010076Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:43:10.601{C36AC009-078E-65F0-CD20-000000005403}4584C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010075Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:43:09.842{C36AC009-078D-65F0-CC20-000000005403}400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010074Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:43:09.158{C36AC009-078D-65F0-CB20-000000005403}5088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010073Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:43:08.408{C36AC009-078C-65F0-CA20-000000005403}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010072Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:43:07.642{C36AC009-078B-65F0-C920-000000005403}1756C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010071Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:42:10.570{C36AC009-0752-65F0-C720-000000005403}4332C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010070Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:42:09.809{C36AC009-0751-65F0-C620-000000005403}1500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010069Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:42:09.064{C36AC009-0751-65F0-C520-000000005403}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010068Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:42:08.391{C36AC009-0750-65F0-C420-000000005403}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010067Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:42:07.630{C36AC009-074F-65F0-C320-000000005403}3700C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010066Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:41:10.501{C36AC009-0716-65F0-C220-000000005403}2172C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010065Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:41:09.736{C36AC009-0715-65F0-C120-000000005403}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010064Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:41:08.971{C36AC009-0714-65F0-C020-000000005403}3192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010063Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:41:08.377{C36AC009-0714-65F0-BF20-000000005403}2168C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010062Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:41:07.623{C36AC009-0713-65F0-BE20-000000005403}4724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010061Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:40:10.525{C36AC009-06DA-65F0-BD20-000000005403}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010060Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:40:09.778{C36AC009-06D9-65F0-BC20-000000005403}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010059Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:40:09.001{C36AC009-06D9-65F0-BB20-000000005403}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010058Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:40:08.376{C36AC009-06D8-65F0-BA20-000000005403}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010057Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:40:07.614{C36AC009-06D7-65F0-B920-000000005403}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010056Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:39:12.502{C36AC009-06A0-65F0-B820-000000005403}3440C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010055Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:39:12.463{C36AC009-06A0-65F0-B720-000000005403}1088C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010054Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:39:12.427{C36AC009-06A0-65F0-B620-000000005403}3400C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010053Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:39:12.363{C36AC009-06A0-65F0-B420-000000005403}2808C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010052Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:39:10.534{C36AC009-069E-65F0-B320-000000005403}4824C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010051Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:39:09.769{C36AC009-069D-65F0-B220-000000005403}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010050Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:39:09.007{C36AC009-069D-65F0-B120-000000005403}484C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010049Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:39:08.369{C36AC009-069C-65F0-B020-000000005403}3540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010048Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:39:07.603{C36AC009-069B-65F0-AF20-000000005403}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010046Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:38:10.551{C36AC009-0662-65F0-AE20-000000005403}1756C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010045Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:38:09.863{C36AC009-0661-65F0-AD20-000000005403}4588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010044Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:38:09.113{C36AC009-0661-65F0-AC20-000000005403}1596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010043Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:38:08.353{C36AC009-0660-65F0-AB20-000000005403}2200C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010042Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:38:07.587{C36AC009-065F-65F0-AA20-000000005403}3348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010041Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:37:10.475{C36AC009-0626-65F0-A920-000000005403}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010040Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:37:09.709{C36AC009-0625-65F0-A820-000000005403}5072C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010039Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:37:08.946{C36AC009-0624-65F0-A720-000000005403}3152C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010038Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:37:08.352{C36AC009-0624-65F0-A620-000000005403}3400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010037Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:37:07.588{C36AC009-0623-65F0-A520-000000005403}768C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010036Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:36:10.584{C36AC009-05EA-65F0-A420-000000005403}4724C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010035Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:36:09.835{C36AC009-05E9-65F0-A320-000000005403}4964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010034Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:36:09.070{C36AC009-05E9-65F0-A220-000000005403}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010033Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:36:08.321{C36AC009-05E8-65F0-A120-000000005403}3352C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010032Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:36:07.571{C36AC009-05E7-65F0-A020-000000005403}4584C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010031Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:35:10.426{C36AC009-05AE-65F0-9F20-000000005403}4480C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010030Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:35:09.832{C36AC009-05AD-65F0-9E20-000000005403}4756C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010029Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:35:09.082{C36AC009-05AD-65F0-9D20-000000005403}1944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010028Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:35:08.317{C36AC009-05AC-65F0-9C20-000000005403}4400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010027Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:35:07.567{C36AC009-05AB-65F0-9B20-000000005403}4736C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010026Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:34:12.492{C36AC009-0574-65F0-9A20-000000005403}4348C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010025Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:34:12.452{C36AC009-0574-65F0-9920-000000005403}2804C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010024Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:34:12.417{C36AC009-0574-65F0-9820-000000005403}4824C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010023Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:34:12.351{C36AC009-0574-65F0-9620-000000005403}300C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x800000000000000010022Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:34:10.441{C36AC009-0572-65F0-9520-000000005403}2328C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010021Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:34:09.816{C36AC009-0571-65F0-9420-000000005403}2900C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010020Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:34:09.066{C36AC009-0571-65F0-9320-000000005403}2504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010019Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:34:08.316{C36AC009-0570-65F0-9220-000000005403}4916C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010018Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:34:07.550{C36AC009-056F-65F0-9120-000000005403}2816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010017Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:33:10.413{C36AC009-0536-65F0-9020-000000005403}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010016Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:33:09.819{C36AC009-0535-65F0-8F20-000000005403}1272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010015Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:33:09.069{C36AC009-0535-65F0-8E20-000000005403}4216C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010014Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:33:08.319{C36AC009-0534-65F0-8D20-000000005403}924C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010013Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:33:07.553{C36AC009-0533-65F0-8C20-000000005403}2464C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010012Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:32:10.569{C36AC009-04FA-65F0-8B20-000000005403}4392C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010011Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:32:09.819{C36AC009-04F9-65F0-8A20-000000005403}4440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010010Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:32:09.069{C36AC009-04F9-65F0-8920-000000005403}3456C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010009Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:32:08.317{C36AC009-04F8-65F0-8820-000000005403}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010008Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:32:07.551{C36AC009-04F7-65F0-8720-000000005403}976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010007Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:31:10.454{C36AC009-04BE-65F0-8620-000000005403}2816C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010006Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:31:09.795{C36AC009-04BD-65F0-8520-000000005403}2912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010005Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:31:09.041{C36AC009-04BD-65F0-8420-000000005403}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010004Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:31:08.291{C36AC009-04BC-65F0-8320-000000005403}4724C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010003Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:31:07.541{C36AC009-04BB-65F0-8220-000000005403}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010002Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:30:10.466{C36AC009-0482-65F0-8120-000000005403}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010001Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:30:09.789{C36AC009-0481-65F0-8020-000000005403}4408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000010000Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:30:09.039{C36AC009-0481-65F0-7F20-000000005403}1116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009999Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:30:08.286{C36AC009-0480-65F0-7E20-000000005403}1124C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009998Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:30:07.536{C36AC009-047F-65F0-7D20-000000005403}4980C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009997Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:29:12.481{C36AC009-0448-65F0-7C20-000000005403}976C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009996Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:29:12.441{C36AC009-0448-65F0-7B20-000000005403}3976C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009995Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:29:12.406{C36AC009-0448-65F0-7A20-000000005403}848C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009994Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:29:12.340{C36AC009-0448-65F0-7820-000000005403}3816C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009993Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:29:10.514{C36AC009-0446-65F0-7720-000000005403}3544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009992Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:29:09.777{C36AC009-0445-65F0-7620-000000005403}1868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009991Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:29:09.019{C36AC009-0445-65F0-7520-000000005403}3588C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009990Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:29:08.269{C36AC009-0444-65F0-7420-000000005403}2984C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009989Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:29:07.519{C36AC009-0443-65F0-7320-000000005403}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009988Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:28:10.285{C36AC009-040A-65F0-7220-000000005403}4928C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009987Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:28:09.672{C36AC009-0409-65F0-7120-000000005403}4716C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009986Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:28:09.012{C36AC009-0409-65F0-7020-000000005403}212C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009985Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:28:08.258{C36AC009-0408-65F0-6F20-000000005403}2100C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009984Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:28:07.498{C36AC009-0407-65F0-6E20-000000005403}4820C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009983Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:27:10.500{C36AC009-03CE-65F0-6D20-000000005403}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009982Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:27:09.750{C36AC009-03CD-65F0-6C20-000000005403}2936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009981Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:27:08.989{C36AC009-03CC-65F0-6B20-000000005403}1064C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009980Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:27:08.239{C36AC009-03CC-65F0-6A20-000000005403}600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009979Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:27:07.489{C36AC009-03CB-65F0-6920-000000005403}4464C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009978Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:26:10.389{C36AC009-0392-65F0-6820-000000005403}3404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009977Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:26:09.624{C36AC009-0391-65F0-6720-000000005403}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009976Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:26:08.865{C36AC009-0390-65F0-6620-000000005403}1128C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009975Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:26:08.224{C36AC009-0390-65F0-6520-000000005403}4324C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009974Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:26:07.469{C36AC009-038F-65F0-6420-000000005403}3192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009973Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:25:10.430{C36AC009-0356-65F0-6320-000000005403}4216C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009972Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:25:09.740{C36AC009-0355-65F0-6220-000000005403}4576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009971Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:25:08.987{C36AC009-0354-65F0-6120-000000005403}4948C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009970Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:25:08.216{C36AC009-0354-65F0-6020-000000005403}4924C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009969Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:25:07.455{C36AC009-0353-65F0-5F20-000000005403}1000C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009968Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:24:12.468{C36AC009-031C-65F0-5E20-000000005403}4672C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009967Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:24:12.429{C36AC009-031C-65F0-5D20-000000005403}4204C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009966Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:24:12.392{C36AC009-031C-65F0-5C20-000000005403}5080C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009965Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:24:12.327{C36AC009-031C-65F0-5A20-000000005403}3700C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009964Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:24:10.472{C36AC009-031A-65F0-5920-000000005403}848C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009963Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:24:09.716{C36AC009-0319-65F0-5820-000000005403}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009962Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:24:08.959{C36AC009-0318-65F0-5720-000000005403}3848C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009961Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:24:08.211{C36AC009-0318-65F0-5620-000000005403}5084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009960Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:24:07.452{C36AC009-0317-65F0-5520-000000005403}5068C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009959Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:23:10.287{C36AC009-02DE-65F0-5420-000000005403}4456C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009958Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:23:09.662{C36AC009-02DD-65F0-5320-000000005403}3516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009957Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:23:08.968{C36AC009-02DC-65F0-5220-000000005403}1004C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009956Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:23:08.205{C36AC009-02DC-65F0-5120-000000005403}3160C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009955Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:23:07.448{C36AC009-02DB-65F0-5020-000000005403}4716C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009954Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:22:10.484{C36AC009-02A2-65F0-4F20-000000005403}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009953Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:22:09.718{C36AC009-02A1-65F0-4E20-000000005403}2152C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009952Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:22:08.961{C36AC009-02A0-65F0-4D20-000000005403}4228C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009951Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:22:08.204{C36AC009-02A0-65F0-4C20-000000005403}4060C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009950Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:22:07.439{C36AC009-029F-65F0-4B20-000000005403}4992C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009949Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:21:10.484{C36AC009-0266-65F0-4A20-000000005403}424C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009948Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:21:09.718{C36AC009-0265-65F0-4920-000000005403}4364C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009947Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:21:08.960{C36AC009-0264-65F0-4820-000000005403}1868C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009946Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:21:08.202{C36AC009-0264-65F0-4720-000000005403}4220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009945Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:21:07.437{C36AC009-0263-65F0-4620-000000005403}1360C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009944Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:20:10.317{C36AC009-022A-65F0-4520-000000005403}2348C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009943Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:20:09.558{C36AC009-0229-65F0-4420-000000005403}2272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009942Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:20:08.817{C36AC009-0228-65F0-4320-000000005403}528C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009941Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:20:08.175{C36AC009-0228-65F0-4220-000000005403}4548C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009940Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:20:07.432{C36AC009-0227-65F0-4120-000000005403}2344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009939Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:19:12.459{C36AC009-01F0-65F0-4020-000000005403}4484C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009938Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:19:12.419{C36AC009-01F0-65F0-3F20-000000005403}1412C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009937Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:19:12.384{C36AC009-01F0-65F0-3E20-000000005403}4300C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009936Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:19:12.319{C36AC009-01F0-65F0-3C20-000000005403}1064C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009935Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:19:10.388{C36AC009-01EE-65F0-3B20-000000005403}4496C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009934Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:19:09.697{C36AC009-01ED-65F0-3A20-000000005403}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009933Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:19:08.947{C36AC009-01EC-65F0-3920-000000005403}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009932Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:19:08.182{C36AC009-01EC-65F0-3820-000000005403}1580C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009931Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:19:07.429{C36AC009-01EB-65F0-3720-000000005403}3412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009930Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:18:10.436{C36AC009-01B2-65F0-3620-000000005403}4888C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009929Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:18:09.670{C36AC009-01B1-65F0-3520-000000005403}4844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009928Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:18:08.902{C36AC009-01B0-65F0-3420-000000005403}1016C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009927Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:18:08.152{C36AC009-01B0-65F0-3320-000000005403}4744C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009926Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:18:07.402{C36AC009-01AF-65F0-3220-000000005403}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009925Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:17:10.303{C36AC009-0176-65F0-3120-000000005403}4244C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009924Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:17:09.683{C36AC009-0175-65F0-3020-000000005403}724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009923Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:17:08.917{C36AC009-0174-65F0-2F20-000000005403}4208C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009922Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:17:08.158{C36AC009-0174-65F0-2E20-000000005403}4608C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009921Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:17:07.398{C36AC009-0173-65F0-2D20-000000005403}4260C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009920Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:16:10.327{C36AC009-013A-65F0-2C20-000000005403}2944C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009919Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:16:09.649{C36AC009-0139-65F0-2B20-000000005403}4476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009918Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:16:08.888{C36AC009-0138-65F0-2A20-000000005403}3372C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009917Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:16:08.138{C36AC009-0138-65F0-2920-000000005403}3264C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009916Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:16:07.373{C36AC009-0137-65F0-2820-000000005403}4348C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009915Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:15:10.396{C36AC009-00FE-65F0-2720-000000005403}1476C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009914Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:15:09.640{C36AC009-00FD-65F0-2620-000000005403}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009913Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:15:08.879{C36AC009-00FC-65F0-2520-000000005403}4164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009912Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:15:08.129{C36AC009-00FC-65F0-2420-000000005403}664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009911Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:15:07.368{C36AC009-00FB-65F0-2320-000000005403}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009910Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:14:12.450{C36AC009-00C4-65F0-2220-000000005403}4412C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009909Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:14:12.409{C36AC009-00C4-65F0-2120-000000005403}3056C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009908Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:14:12.373{C36AC009-00C4-65F0-2020-000000005403}3628C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009907Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:14:12.308{C36AC009-00C4-65F0-1E20-000000005403}4260C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009906Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:14:10.230{C36AC009-00C2-65F0-1D20-000000005403}4384C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009905Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:14:09.624{C36AC009-00C1-65F0-1C20-000000005403}4540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009904Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:14:08.865{C36AC009-00C0-65F0-1B20-000000005403}4060C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009903Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:14:08.115{C36AC009-00C0-65F0-1A20-000000005403}304C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009902Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:14:07.350{C36AC009-00BF-65F0-1920-000000005403}1020C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009901Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:13:10.321{C36AC009-0086-65F0-1820-000000005403}4308C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009900Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:13:09.602{C36AC009-0085-65F0-1720-000000005403}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009899Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:13:08.847{C36AC009-0084-65F0-1620-000000005403}2820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009898Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:13:08.100{C36AC009-0084-65F0-1520-000000005403}3236C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009897Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:13:07.334{C36AC009-0083-65F0-1420-000000005403}2172C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009896Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:12:10.271{C36AC009-004A-65F0-1320-000000005403}2348C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009895Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:12:09.582{C36AC009-0049-65F0-1220-000000005403}2100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009894Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:12:08.819{C36AC009-0048-65F0-1120-000000005403}2476C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009893Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:12:08.056{C36AC009-0048-65F0-1020-000000005403}3396C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009892Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:12:07.306{C36AC009-0047-65F0-0F20-000000005403}1776C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009891Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:11:10.243{C36AC009-000E-65F0-0E20-000000005403}4508C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009890Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:11:09.541{C36AC009-000D-65F0-0D20-000000005403}3712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009889Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:11:08.803{C36AC009-000C-65F0-0C20-000000005403}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009888Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:11:08.053{C36AC009-000C-65F0-0B20-000000005403}3820C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009887Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:11:07.289{C36AC009-000B-65F0-0A20-000000005403}4712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009886Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:10:10.146{C36AC009-FFD2-65EF-0920-000000005403}3588C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009885Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:10:09.382{C36AC009-FFD1-65EF-0820-000000005403}3404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009884Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:10:08.632{C36AC009-FFD0-65EF-0720-000000005403}4504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009883Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:10:08.027{C36AC009-FFD0-65EF-0620-000000005403}4916C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009882Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:10:07.277{C36AC009-FFCF-65EF-0520-000000005403}3660C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009881Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:09:12.443{C36AC009-FF98-65EF-0420-000000005403}4316C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009880Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:09:12.403{C36AC009-FF98-65EF-0320-000000005403}3484C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009879Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:09:12.367{C36AC009-FF98-65EF-0220-000000005403}3396C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009878Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:09:12.303{C36AC009-FF98-65EF-0020-000000005403}1776C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009877Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:09:10.148{C36AC009-FF96-65EF-FF1F-000000005403}1040C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009876Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:09:09.522{C36AC009-FF95-65EF-FE1F-000000005403}4480C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009875Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:09:08.772{C36AC009-FF94-65EF-FD1F-000000005403}720C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009874Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:09:08.016{C36AC009-FF94-65EF-FC1F-000000005403}4468C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009873Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:09:07.266{C36AC009-FF93-65EF-FB1F-000000005403}4608C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009872Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:08:10.244{C36AC009-FF5A-65EF-FA1F-000000005403}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009871Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:08:09.495{C36AC009-FF59-65EF-F91F-000000005403}3400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009870Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:08:08.760{C36AC009-FF58-65EF-F81F-000000005403}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009869Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:08:08.013{C36AC009-FF58-65EF-F71F-000000005403}1952C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009868Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:08:07.248{C36AC009-FF57-65EF-F61F-000000005403}4240C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009867Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:07:10.151{C36AC009-FF1E-65EF-F51F-000000005403}1476C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009866Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:07:09.509{C36AC009-FF1D-65EF-F41F-000000005403}216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009865Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:07:08.743{C36AC009-FF1C-65EF-F31F-000000005403}3352C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009864Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:07:07.985{C36AC009-FF1B-65EF-F21F-000000005403}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009863Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:07:07.233{C36AC009-FF1B-65EF-F11F-000000005403}5088C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009862Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:06:10.167{C36AC009-FEE2-65EF-F01F-000000005403}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009861Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:06:09.510{C36AC009-FEE1-65EF-EF1F-000000005403}4608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009860Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:06:08.744{C36AC009-FEE0-65EF-EE1F-000000005403}4736C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009859Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:06:07.993{C36AC009-FEDF-65EF-ED1F-000000005403}1272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009858Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:06:07.235{C36AC009-FEDF-65EF-EC1F-000000005403}3492C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009857Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:05:10.100{C36AC009-FEA6-65EF-EB1F-000000005403}4868C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009856Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:05:09.490{C36AC009-FEA5-65EF-EA1F-000000005403}3836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009855Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:05:08.737{C36AC009-FEA4-65EF-E91F-000000005403}5016C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009854Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:05:07.987{C36AC009-FEA3-65EF-E81F-000000005403}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009853Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:05:07.214{C36AC009-FEA3-65EF-E71F-000000005403}5052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009852Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:04:12.444{C36AC009-FE6C-65EF-E61F-000000005403}4124C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009851Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:04:12.404{C36AC009-FE6C-65EF-E51F-000000005403}4268C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009850Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:04:12.368{C36AC009-FE6C-65EF-E41F-000000005403}3900C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009849Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:04:12.305{C36AC009-FE6C-65EF-E21F-000000005403}2344C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009848Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:04:10.232{C36AC009-FE6A-65EF-E11F-000000005403}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009847Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:04:09.481{C36AC009-FE69-65EF-E01F-000000005403}1400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009846Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:04:08.731{C36AC009-FE68-65EF-DF1F-000000005403}4284C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009845Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:04:07.965{C36AC009-FE67-65EF-DE1F-000000005403}380C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009844Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:04:07.210{C36AC009-FE67-65EF-DD1F-000000005403}4616C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009843Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:03:10.050{C36AC009-FE2E-65EF-DC1F-000000005403}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009842Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:03:09.453{C36AC009-FE2D-65EF-DB1F-000000005403}5092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009841Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:03:08.731{C36AC009-FE2C-65EF-DA1F-000000005403}4332C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009840Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:03:07.965{C36AC009-FE2B-65EF-D91F-000000005403}4308C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009839Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:03:07.200{C36AC009-FE2B-65EF-D81F-000000005403}2124C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009838Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:02:10.115{C36AC009-FDF2-65EF-D71F-000000005403}4752C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009837Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:02:09.455{C36AC009-FDF1-65EF-D61F-000000005403}2520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009836Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:02:08.705{C36AC009-FDF0-65EF-D51F-000000005403}3160C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009835Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:02:07.949{C36AC009-FDEF-65EF-D41F-000000005403}2188C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009834Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:02:07.183{C36AC009-FDEF-65EF-D31F-000000005403}1172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009833Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:01:10.191{C36AC009-FDB6-65EF-D21F-000000005403}4956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009832Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:01:09.437{C36AC009-FDB5-65EF-D11F-000000005403}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009831Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:01:08.683{C36AC009-FDB4-65EF-D01F-000000005403}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009830Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:01:07.933{C36AC009-FDB3-65EF-CF1F-000000005403}912C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009829Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:01:07.179{C36AC009-FDB3-65EF-CE1F-000000005403}880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009828Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:00:10.032{C36AC009-FD7A-65EF-CD1F-000000005403}1008C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009827Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:00:09.261{C36AC009-FD79-65EF-CC1F-000000005403}3116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009826Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:00:08.512{C36AC009-FD78-65EF-CB1F-000000005403}2732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009825Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:00:07.918{C36AC009-FD77-65EF-CA1F-000000005403}1128C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009824Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 07:00:07.163{C36AC009-FD77-65EF-C91F-000000005403}592C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009823Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:59:12.437{C36AC009-FD40-65EF-C81F-000000005403}4216C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009822Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:59:12.397{C36AC009-FD40-65EF-C71F-000000005403}3788C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009821Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:59:12.361{C36AC009-FD40-65EF-C61F-000000005403}4164C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009820Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:59:12.296{C36AC009-FD40-65EF-C41F-000000005403}3148C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009819Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:59:10.024{C36AC009-FD3E-65EF-C31F-000000005403}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009818Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:59:09.414{C36AC009-FD3D-65EF-C21F-000000005403}1540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009817Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:59:08.653{C36AC009-FD3C-65EF-C11F-000000005403}3784C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009816Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:59:07.903{C36AC009-FD3B-65EF-C01F-000000005403}4480C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009815Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:59:07.148{C36AC009-FD3B-65EF-BF1F-000000005403}5032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009814Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:58:10.034{C36AC009-FD02-65EF-BE1F-000000005403}5012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009813Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:58:09.402{C36AC009-FD01-65EF-BD1F-000000005403}1956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009812Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:58:08.646{C36AC009-FD00-65EF-BC1F-000000005403}2672C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009811Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:58:07.890{C36AC009-FCFF-65EF-BB1F-000000005403}996C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009810Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:58:07.140{C36AC009-FCFF-65EF-BA1F-000000005403}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009809Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:57:10.036{C36AC009-FCC6-65EF-B91F-000000005403}3844C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009808Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:57:09.388{C36AC009-FCC5-65EF-B81F-000000005403}92C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009807Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:57:08.633{C36AC009-FCC4-65EF-B71F-000000005403}1172C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009806Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:57:07.882{C36AC009-FCC3-65EF-B61F-000000005403}1124C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009805Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:57:07.116{C36AC009-FCC3-65EF-B51F-000000005403}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009804Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:56:10.146{C36AC009-FC8A-65EF-B41F-000000005403}208C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009803Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:56:09.388{C36AC009-FC89-65EF-B31F-000000005403}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009802Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:56:08.631{C36AC009-FC88-65EF-B21F-000000005403}1120C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009801Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:56:07.865{C36AC009-FC87-65EF-B11F-000000005403}880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009800Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:56:07.108{C36AC009-FC87-65EF-B01F-000000005403}4800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009799Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:55:10.120{C36AC009-FC4E-65EF-AF1F-000000005403}2504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009798Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:55:09.362{C36AC009-FC4D-65EF-AE1F-000000005403}5052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009797Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:55:08.612{C36AC009-FC4C-65EF-AD1F-000000005403}1128C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009796Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:55:07.854{C36AC009-FC4B-65EF-AC1F-000000005403}4916C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009795Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:55:07.111{C36AC009-FC4B-65EF-AB1F-000000005403}4064C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009794Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:54:12.427{C36AC009-FC14-65EF-AA1F-000000005403}1376C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009793Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:54:12.387{C36AC009-FC14-65EF-A91F-000000005403}364C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009792Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:54:12.351{C36AC009-FC14-65EF-A81F-000000005403}3148C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009791Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:54:12.286{C36AC009-FC14-65EF-A61F-000000005403}376C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009790Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:54:10.106{C36AC009-FC12-65EF-A51F-000000005403}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009789Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:54:09.341{C36AC009-FC11-65EF-A41F-000000005403}3960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009788Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:54:08.575{C36AC009-FC10-65EF-A31F-000000005403}4856C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009787Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:54:07.856{C36AC009-FC0F-65EF-A21F-000000005403}4200C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009786Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:54:07.090{C36AC009-FC0F-65EF-A11F-000000005403}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009785Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:53:10.111{C36AC009-FBD6-65EF-A01F-000000005403}4824C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009784Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:53:09.359{C36AC009-FBD5-65EF-9F1F-000000005403}2888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009783Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:53:08.609{C36AC009-FBD4-65EF-9E1F-000000005403}996C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009782Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:53:07.843{C36AC009-FBD3-65EF-9D1F-000000005403}3448C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009781Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:53:07.091{C36AC009-FBD3-65EF-9C1F-000000005403}1732C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009780Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:52:10.069{C36AC009-FB9A-65EF-9B1F-000000005403}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009779Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:52:09.310{C36AC009-FB99-65EF-9A1F-000000005403}3108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009778Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:52:08.550{C36AC009-FB98-65EF-991F-000000005403}2100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009777Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:52:07.847{C36AC009-FB97-65EF-981F-000000005403}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009776Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:52:07.088{C36AC009-FB97-65EF-971F-000000005403}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009775Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:51:10.031{C36AC009-FB5E-65EF-961F-000000005403}1460C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009774Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:51:09.358{C36AC009-FB5D-65EF-951F-000000005403}4772C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009773Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:51:08.608{C36AC009-FB5C-65EF-941F-000000005403}2984C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009772Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:51:07.848{C36AC009-FB5B-65EF-931F-000000005403}2200C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009771Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:51:07.088{C36AC009-FB5B-65EF-921F-000000005403}2152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009770Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:50:10.117{C36AC009-FB22-65EF-911F-000000005403}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009769Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:50:09.367{C36AC009-FB21-65EF-901F-000000005403}2504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009768Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:50:08.596{C36AC009-FB20-65EF-8F1F-000000005403}1096C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009767Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:50:07.846{C36AC009-FB1F-65EF-8E1F-000000005403}2076C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009766Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:50:07.085{C36AC009-FB1F-65EF-8D1F-000000005403}4644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009765Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:49:12.418{C36AC009-FAE8-65EF-8C1F-000000005403}4988C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009764Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:49:12.378{C36AC009-FAE8-65EF-8B1F-000000005403}3780C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009763Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:49:12.343{C36AC009-FAE8-65EF-8A1F-000000005403}2948C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009762Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:49:12.279{C36AC009-FAE8-65EF-881F-000000005403}1576C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009761Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:49:10.090{C36AC009-FAE6-65EF-871F-000000005403}3148C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009760Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:49:09.344{C36AC009-FAE5-65EF-861F-000000005403}4928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009759Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:49:08.593{C36AC009-FAE4-65EF-851F-000000005403}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009758Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:49:07.827{C36AC009-FAE3-65EF-841F-000000005403}1116C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009757Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:49:07.070{C36AC009-FAE3-65EF-831F-000000005403}4396C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009756Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:48:10.116{C36AC009-FAAA-65EF-821F-000000005403}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009755Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:48:09.354{C36AC009-FAA9-65EF-811F-000000005403}3048C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009754Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:48:08.604{C36AC009-FAA8-65EF-801F-000000005403}4792C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009753Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:48:07.841{C36AC009-FAA7-65EF-7F1F-000000005403}3540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009752Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:48:07.067{C36AC009-FAA7-65EF-7E1F-000000005403}708C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009751Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:47:10.133{C36AC009-FA6E-65EF-7D1F-000000005403}3476C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009750Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:47:09.367{C36AC009-FA6D-65EF-7C1F-000000005403}4688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009749Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:47:08.604{C36AC009-FA6C-65EF-7B1F-000000005403}3040C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009748Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:47:07.888{C36AC009-FA6B-65EF-7A1F-000000005403}2476C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009747Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:47:07.138{C36AC009-FA6B-65EF-791F-000000005403}3484C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009746Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:46:10.151{C36AC009-FA32-65EF-781F-000000005403}4856C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009745Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:46:09.401{C36AC009-FA31-65EF-771F-000000005403}1976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009744Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:46:08.638{C36AC009-FA30-65EF-761F-000000005403}4980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009743Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:46:07.875{C36AC009-FA2F-65EF-751F-000000005403}4020C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009742Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:46:07.127{C36AC009-FA2F-65EF-741F-000000005403}4184C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009741Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:45:10.065{C36AC009-F9F6-65EF-731F-000000005403}2264C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009740Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:45:09.305{C36AC009-F9F5-65EF-721F-000000005403}3404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009739Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:45:08.540{C36AC009-F9F4-65EF-711F-000000005403}4780C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009738Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:45:07.899{C36AC009-F9F3-65EF-701F-000000005403}4888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009737Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:45:07.137{C36AC009-F9F3-65EF-6F1F-000000005403}4168C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009736Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:44:12.413{C36AC009-F9BC-65EF-6E1F-000000005403}1560C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009735Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:44:12.372{C36AC009-F9BC-65EF-6D1F-000000005403}4176C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009734Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:44:12.337{C36AC009-F9BC-65EF-6C1F-000000005403}3868C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009733Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:44:12.271{C36AC009-F9BC-65EF-6A1F-000000005403}3812C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009732Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:44:10.159{C36AC009-F9BA-65EF-691F-000000005403}1376C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009731Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:44:09.395{C36AC009-F9B9-65EF-681F-000000005403}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009730Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:44:08.634{C36AC009-F9B8-65EF-671F-000000005403}4352C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009729Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:44:07.889{C36AC009-F9B7-65EF-661F-000000005403}4712C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009728Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:44:07.125{C36AC009-F9B7-65EF-651F-000000005403}348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009727Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:43:09.983{C36AC009-F97D-65EF-641F-000000005403}5004C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009726Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:43:09.373{C36AC009-F97D-65EF-631F-000000005403}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009725Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:43:08.608{C36AC009-F97C-65EF-621F-000000005403}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009724Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:43:07.873{C36AC009-F97B-65EF-611F-000000005403}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009723Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:43:07.112{C36AC009-F97B-65EF-601F-000000005403}1956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009722Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:42:10.138{C36AC009-F942-65EF-5F1F-000000005403}2272C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009721Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:42:09.372{C36AC009-F941-65EF-5E1F-000000005403}3392C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009720Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:42:08.622{C36AC009-F940-65EF-5D1F-000000005403}4428C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009719Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:42:07.856{C36AC009-F93F-65EF-5C1F-000000005403}3876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009718Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:42:07.106{C36AC009-F93F-65EF-5B1F-000000005403}3160C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009717Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:41:10.021{C36AC009-F906-65EF-5A1F-000000005403}4712C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009716Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:41:09.364{C36AC009-F905-65EF-591F-000000005403}348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009715Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:41:08.613{C36AC009-F904-65EF-581F-000000005403}3776C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009714Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:41:07.848{C36AC009-F903-65EF-571F-000000005403}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009713Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:41:07.097{C36AC009-F903-65EF-561F-000000005403}1000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009712Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:40:09.945{C36AC009-F8C9-65EF-551F-000000005403}5092C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009711Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:40:09.195{C36AC009-F8C9-65EF-541F-000000005403}4824C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009710Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:40:08.446{C36AC009-F8C8-65EF-531F-000000005403}2672C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009709Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:40:07.849{C36AC009-F8C7-65EF-521F-000000005403}3540C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009708Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:40:07.099{C36AC009-F8C7-65EF-511F-000000005403}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009707Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:39:12.402{C36AC009-F890-65EF-501F-000000005403}1740C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009706Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:39:12.362{C36AC009-F890-65EF-4F1F-000000005403}2976C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009705Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:39:12.326{C36AC009-F890-65EF-4E1F-000000005403}3476C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009704Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:39:12.260{C36AC009-F890-65EF-4C1F-000000005403}2624C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009703Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:39:09.983{C36AC009-F88D-65EF-4B1F-000000005403}4380C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009702Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:39:09.218{C36AC009-F88D-65EF-4A1F-000000005403}4540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009701Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:39:08.479{C36AC009-F88C-65EF-491F-000000005403}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009700Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:39:07.854{C36AC009-F88B-65EF-481F-000000005403}3868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009699Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:39:07.088{C36AC009-F88B-65EF-471F-000000005403}588C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009698Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:38:09.937{C36AC009-F851-65EF-461F-000000005403}1976C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009697Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:38:09.343{C36AC009-F851-65EF-451F-000000005403}2300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009696Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:38:08.591{C36AC009-F850-65EF-441F-000000005403}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009695Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:38:07.841{C36AC009-F84F-65EF-431F-000000005403}3668C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009694Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:38:07.089{C36AC009-F84F-65EF-421F-000000005403}912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009693Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:37:10.103{C36AC009-F816-65EF-411F-000000005403}2912C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009692Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:37:09.353{C36AC009-F815-65EF-401F-000000005403}4872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009691Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:37:08.600{C36AC009-F814-65EF-3F1F-000000005403}328C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009690Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:37:07.847{C36AC009-F813-65EF-3E1F-000000005403}2216C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009689Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:37:07.082{C36AC009-F813-65EF-3D1F-000000005403}136C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009688Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:36:10.093{C36AC009-F7DA-65EF-3C1F-000000005403}924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009687Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:36:09.328{C36AC009-F7D9-65EF-3B1F-000000005403}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009686Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:36:08.562{C36AC009-F7D8-65EF-3A1F-000000005403}1376C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009685Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:36:07.840{C36AC009-F7D7-65EF-391F-000000005403}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009684Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:36:07.086{C36AC009-F7D7-65EF-381F-000000005403}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009683Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:35:10.012{C36AC009-F79E-65EF-371F-000000005403}2200C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009682Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:35:09.355{C36AC009-F79D-65EF-361F-000000005403}2376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009681Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:35:08.601{C36AC009-F79C-65EF-351F-000000005403}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009680Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:35:07.835{C36AC009-F79B-65EF-341F-000000005403}2236C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009679Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:35:07.081{C36AC009-F79B-65EF-331F-000000005403}1064C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009678Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:34:12.392{C36AC009-F764-65EF-321F-000000005403}4744C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009677Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:34:12.353{C36AC009-F764-65EF-311F-000000005403}4724C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009676Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:34:12.317{C36AC009-F764-65EF-301F-000000005403}4436C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009675Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:34:12.252{C36AC009-F764-65EF-2E1F-000000005403}2216C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009674Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:34:09.975{C36AC009-F761-65EF-2D1F-000000005403}4504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009673Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:34:09.365{C36AC009-F761-65EF-2C1F-000000005403}184C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009672Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:34:08.604{C36AC009-F760-65EF-2B1F-000000005403}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009671Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:34:07.854{C36AC009-F75F-65EF-2A1F-000000005403}3476C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009670Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:34:07.085{C36AC009-F75F-65EF-291F-000000005403}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009669Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:33:10.088{C36AC009-F726-65EF-281F-000000005403}3236C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009668Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:33:09.348{C36AC009-F725-65EF-271F-000000005403}4768C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009667Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:33:08.598{C36AC009-F724-65EF-261F-000000005403}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009666Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:33:07.843{C36AC009-F723-65EF-251F-000000005403}3956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009665Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:33:07.087{C36AC009-F723-65EF-241F-000000005403}2388C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009664Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:32:10.050{C36AC009-F6EA-65EF-231F-000000005403}5032C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009663Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:32:09.346{C36AC009-F6E9-65EF-221F-000000005403}1044C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009662Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:32:08.590{C36AC009-F6E8-65EF-211F-000000005403}4660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009661Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:32:07.849{C36AC009-F6E7-65EF-201F-000000005403}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009660Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:32:07.084{C36AC009-F6E7-65EF-1F1F-000000005403}2900C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009659Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:31:09.969{C36AC009-F6AD-65EF-1E1F-000000005403}3876C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009658Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:31:09.212{C36AC009-F6AD-65EF-1D1F-000000005403}528C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009657Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:31:08.440{C36AC009-F6AC-65EF-1C1F-000000005403}3844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009656Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:31:07.830{C36AC009-F6AB-65EF-1B1F-000000005403}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009655Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:31:07.073{C36AC009-F6AB-65EF-1A1F-000000005403}92C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009654Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:30:09.956{C36AC009-F671-65EF-191F-000000005403}4768C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009653Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:30:09.340{C36AC009-F671-65EF-181F-000000005403}1604C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009652Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:30:08.574{C36AC009-F670-65EF-171F-000000005403}1400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009651Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:30:07.817{C36AC009-F66F-65EF-161F-000000005403}4296C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009650Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:30:07.060{C36AC009-F66F-65EF-151F-000000005403}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009649Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:29:12.374{C36AC009-F638-65EF-141F-000000005403}2888C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009648Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:29:12.335{C36AC009-F638-65EF-131F-000000005403}4308C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009647Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:29:12.299{C36AC009-F638-65EF-121F-000000005403}1044C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009646Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:29:12.234{C36AC009-F638-65EF-101F-000000005403}4660C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009645Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:29:10.088{C36AC009-F636-65EF-0F1F-000000005403}3404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009644Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:29:09.330{C36AC009-F635-65EF-0E1F-000000005403}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009643Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:29:08.565{C36AC009-F634-65EF-0D1F-000000005403}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009642Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:29:07.807{C36AC009-F633-65EF-0C1F-000000005403}3408C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009641Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:29:07.049{C36AC009-F633-65EF-0B1F-000000005403}592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009640Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:28:10.000{C36AC009-F5FA-65EF-0A1F-000000005403}3060C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009639Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:28:09.304{C36AC009-F5F9-65EF-091F-000000005403}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009638Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:28:08.546{C36AC009-F5F8-65EF-081F-000000005403}5036C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009637Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:28:07.796{C36AC009-F5F7-65EF-071F-000000005403}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009636Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:28:07.037{C36AC009-F5F7-65EF-061F-000000005403}4576C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009635Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:27:10.086{C36AC009-F5BE-65EF-051F-000000005403}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009634Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:27:09.320{C36AC009-F5BD-65EF-041F-000000005403}948C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009633Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:27:08.561{C36AC009-F5BC-65EF-031F-000000005403}2520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009632Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:27:07.802{C36AC009-F5BB-65EF-021F-000000005403}2888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009631Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:27:07.037{C36AC009-F5BB-65EF-011F-000000005403}4308C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009630Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:26:10.052{C36AC009-F582-65EF-001F-000000005403}4436C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009629Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:26:09.298{C36AC009-F581-65EF-FF1E-000000005403}3712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009628Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:26:08.548{C36AC009-F580-65EF-FE1E-000000005403}4140C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009627Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:26:07.798{C36AC009-F57F-65EF-FD1E-000000005403}3352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009626Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:26:07.029{C36AC009-F57F-65EF-FC1E-000000005403}4984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009625Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:25:10.065{C36AC009-F546-65EF-FB1E-000000005403}1500C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009624Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:25:09.289{C36AC009-F545-65EF-FA1E-000000005403}4180C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009623Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:25:08.539{C36AC009-F544-65EF-F91E-000000005403}2300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009622Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:25:07.778{C36AC009-F543-65EF-F81E-000000005403}688C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009621Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:25:07.018{C36AC009-F543-65EF-F71E-000000005403}5072C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009620Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:24:12.374{C36AC009-F50C-65EF-F61E-000000005403}4628C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009619Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:24:12.335{C36AC009-F50C-65EF-F51E-000000005403}4300C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009618Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:24:12.298{C36AC009-F50C-65EF-F41E-000000005403}1488C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009617Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:24:12.233{C36AC009-F50C-65EF-F21E-000000005403}4852C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009616Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:24:10.016{C36AC009-F50A-65EF-F11E-000000005403}4992C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009615Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:24:09.266{C36AC009-F509-65EF-F01E-000000005403}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009614Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:24:08.509{C36AC009-F508-65EF-EF1E-000000005403}4644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009613Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:24:07.759{C36AC009-F507-65EF-EE1E-000000005403}1336C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009612Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:24:07.009{C36AC009-F507-65EF-ED1E-000000005403}3008C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009611Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:23:09.894{C36AC009-F4CD-65EF-EC1E-000000005403}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009610Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:23:09.273{C36AC009-F4CD-65EF-EB1E-000000005403}3420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009609Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:23:08.527{C36AC009-F4CC-65EF-EA1E-000000005403}4236C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009608Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:23:07.761{C36AC009-F4CB-65EF-E91E-000000005403}4652C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009607Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:23:07.000{C36AC009-F4CB-65EF-E81E-000000005403}3580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009606Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:22:09.885{C36AC009-F491-65EF-E71E-000000005403}3556C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009605Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:22:09.123{C36AC009-F491-65EF-E61E-000000005403}4868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009604Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:22:08.377{C36AC009-F490-65EF-E51E-000000005403}1044C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009603Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:22:07.755{C36AC009-F48F-65EF-E41E-000000005403}1056C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009602Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:22:07.005{C36AC009-F48F-65EF-E31E-000000005403}4260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009601Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:21:09.945{C36AC009-F455-65EF-E21E-000000005403}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009600Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:21:09.261{C36AC009-F455-65EF-E11E-000000005403}3712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009599Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:21:08.498{C36AC009-F454-65EF-E01E-000000005403}4472C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009598Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:21:07.751{C36AC009-F453-65EF-DF1E-000000005403}3876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009597Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:21:07.001{C36AC009-F453-65EF-DE1E-000000005403}2976C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009596Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:20:09.946{C36AC009-F419-65EF-DD1E-000000005403}4200C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009595Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:20:09.258{C36AC009-F419-65EF-DC1E-000000005403}2988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009594Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:20:08.495{C36AC009-F418-65EF-DB1E-000000005403}5112C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009593Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:20:07.751{C36AC009-F417-65EF-DA1E-000000005403}2984C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009592Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:20:07.000{C36AC009-F417-65EF-D91E-000000005403}4400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009591Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:19:12.370{C36AC009-F3E0-65EF-D81E-000000005403}3104C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009590Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:19:12.330{C36AC009-F3E0-65EF-D71E-000000005403}2900C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009589Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:19:12.293{C36AC009-F3E0-65EF-D61E-000000005403}764C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009588Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:19:12.229{C36AC009-F3E0-65EF-D41E-000000005403}4116C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009587Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:19:10.039{C36AC009-F3DE-65EF-D31E-000000005403}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009586Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:19:09.275{C36AC009-F3DD-65EF-D21E-000000005403}2164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009585Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:19:08.513{C36AC009-F3DC-65EF-D11E-000000005403}3624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009584Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:19:07.763{C36AC009-F3DB-65EF-D01E-000000005403}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009583Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:19:06.999{C36AC009-F3DA-65EF-CF1E-000000005403}328C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009582Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:18:10.046{C36AC009-F3A2-65EF-CE1E-000000005403}348C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009581Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:18:09.297{C36AC009-F3A1-65EF-CD1E-000000005403}1776C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009580Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:18:08.532{C36AC009-F3A0-65EF-CC1E-000000005403}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009579Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:18:07.767{C36AC009-F39F-65EF-CB1E-000000005403}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009578Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:18:07.003{C36AC009-F39F-65EF-CA1E-000000005403}720C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009577Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:17:09.875{C36AC009-F365-65EF-C91E-000000005403}5076C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009576Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:17:09.249{C36AC009-F365-65EF-C81E-000000005403}2200C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009575Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:17:08.499{C36AC009-F364-65EF-C71E-000000005403}4112C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009574Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:17:07.750{C36AC009-F363-65EF-C61E-000000005403}2992C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009573Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:17:07.000{C36AC009-F363-65EF-C51E-000000005403}3088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009572Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:16:09.972{C36AC009-F329-65EF-C41E-000000005403}4388C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009571Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:16:09.221{C36AC009-F329-65EF-C31E-000000005403}3100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009570Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:16:08.456{C36AC009-F328-65EF-C21E-000000005403}4124C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009569Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:16:07.736{C36AC009-F327-65EF-C11E-000000005403}4912C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009568Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:16:06.977{C36AC009-F326-65EF-C01E-000000005403}184C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009567Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:15:09.993{C36AC009-F2ED-65EF-BF1E-000000005403}1500C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009566Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:15:09.243{C36AC009-F2ED-65EF-BE1E-000000005403}3628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009565Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:15:08.477{C36AC009-F2EC-65EF-BD1E-000000005403}4924C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009564Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:15:07.726{C36AC009-F2EB-65EF-BC1E-000000005403}3456C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009563Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:15:06.975{C36AC009-F2EA-65EF-BB1E-000000005403}4484C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009562Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:14:12.355{C36AC009-F2B4-65EF-BA1E-000000005403}4212C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009561Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:14:12.316{C36AC009-F2B4-65EF-B91E-000000005403}4964C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009560Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:14:12.280{C36AC009-F2B4-65EF-B81E-000000005403}5096C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009559Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:14:12.216{C36AC009-F2B4-65EF-B61E-000000005403}1580C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009558Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:14:09.972{C36AC009-F2B1-65EF-B51E-000000005403}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009557Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:14:09.215{C36AC009-F2B1-65EF-B41E-000000005403}440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009556Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:14:08.465{C36AC009-F2B0-65EF-B31E-000000005403}2912C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009555Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:14:07.714{C36AC009-F2AF-65EF-B21E-000000005403}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009554Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:14:06.957{C36AC009-F2AE-65EF-B11E-000000005403}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009553Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:13:09.985{C36AC009-F275-65EF-B01E-000000005403}4144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009552Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:13:09.217{C36AC009-F275-65EF-AF1E-000000005403}1776C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009551Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:13:08.466{C36AC009-F274-65EF-AE1E-000000005403}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009550Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:13:07.700{C36AC009-F273-65EF-AD1E-000000005403}1400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009549Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:13:06.943{C36AC009-F272-65EF-AC1E-000000005403}3580C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009548Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:12:09.968{C36AC009-F239-65EF-AB1E-000000005403}1868C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009547Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:12:09.202{C36AC009-F239-65EF-AA1E-000000005403}4788C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009546Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:12:08.447{C36AC009-F238-65EF-A91E-000000005403}4240C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009545Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:12:07.682{C36AC009-F237-65EF-A81E-000000005403}3588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009544Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:12:06.929{C36AC009-F236-65EF-A71E-000000005403}3104C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009543Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:11:09.962{C36AC009-F1FD-65EF-A61E-000000005403}3008C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009542Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:11:09.206{C36AC009-F1FD-65EF-A51E-000000005403}892C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009541Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:11:08.440{C36AC009-F1FC-65EF-A41E-000000005403}3392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009540Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:11:07.675{C36AC009-F1FB-65EF-A31E-000000005403}4556C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009539Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:11:06.915{C36AC009-F1FA-65EF-A21E-000000005403}3108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009538Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:10:09.755{C36AC009-F1C1-65EF-A11E-000000005403}4704C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009537Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:10:09.173{C36AC009-F1C1-65EF-A01E-000000005403}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009536Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:10:08.419{C36AC009-F1C0-65EF-9F1E-000000005403}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009535Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:10:07.653{C36AC009-F1BF-65EF-9E1E-000000005403}3332C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009534Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:10:06.899{C36AC009-F1BE-65EF-9D1E-000000005403}3456C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009533Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:09:12.353{C36AC009-F188-65EF-9C1E-000000005403}3044C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009532Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:09:12.315{C36AC009-F188-65EF-9B1E-000000005403}1488C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009531Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:09:12.278{C36AC009-F188-65EF-9A1E-000000005403}5036C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009530Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:09:12.213{C36AC009-F188-65EF-981E-000000005403}2268C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009529Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:09:09.866{C36AC009-F185-65EF-971E-000000005403}4808C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009528Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:09:09.116{C36AC009-F185-65EF-961E-000000005403}4280C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009527Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:09:08.362{C36AC009-F184-65EF-951E-000000005403}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009526Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:09:07.638{C36AC009-F183-65EF-941E-000000005403}592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009525Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:09:06.889{C36AC009-F182-65EF-931E-000000005403}4100C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009524Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:08:09.804{C36AC009-F149-65EF-921E-000000005403}4380C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009523Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:08:09.127{C36AC009-F149-65EF-911E-000000005403}348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009522Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:08:08.377{C36AC009-F148-65EF-901E-000000005403}4284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009521Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:08:07.621{C36AC009-F147-65EF-8F1E-000000005403}5020C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009520Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:08:06.866{C36AC009-F146-65EF-8E1E-000000005403}664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009519Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:07:09.886{C36AC009-F10D-65EF-8D1E-000000005403}4432C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009518Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:07:09.114{C36AC009-F10D-65EF-8C1E-000000005403}2240C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009517Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:07:08.375{C36AC009-F10C-65EF-8B1E-000000005403}4496C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009516Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:07:07.609{C36AC009-F10B-65EF-8A1E-000000005403}2724C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009515Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:07:06.854{C36AC009-F10A-65EF-891E-000000005403}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009514Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:06:09.773{C36AC009-F0D1-65EF-881E-000000005403}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009513Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:06:09.118{C36AC009-F0D1-65EF-871E-000000005403}3452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009512Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:06:08.362{C36AC009-F0D0-65EF-861E-000000005403}2196C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009511Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:06:07.606{C36AC009-F0CF-65EF-851E-000000005403}4140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009510Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:06:06.835{C36AC009-F0CE-65EF-841E-000000005403}600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009509Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:05:09.864{C36AC009-F095-65EF-831E-000000005403}3460C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009508Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:05:09.108{C36AC009-F095-65EF-821E-000000005403}2328C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009507Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:05:08.345{C36AC009-F094-65EF-811E-000000005403}2272C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009506Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:05:07.582{C36AC009-F093-65EF-801E-000000005403}4924C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009505Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:05:06.832{C36AC009-F092-65EF-7F1E-000000005403}4624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009504Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:04:12.348{C36AC009-F05C-65EF-7E1E-000000005403}4668C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009503Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:04:12.310{C36AC009-F05C-65EF-7D1E-000000005403}2900C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009502Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:04:12.274{C36AC009-F05C-65EF-7C1E-000000005403}4964C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009501Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:04:12.209{C36AC009-F05C-65EF-7A1E-000000005403}1088C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009500Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:04:09.864{C36AC009-F059-65EF-791E-000000005403}4408C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009499Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:04:09.100{C36AC009-F059-65EF-781E-000000005403}2268C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009498Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:04:08.338{C36AC009-F058-65EF-771E-000000005403}4808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009497Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:04:07.588{C36AC009-F057-65EF-761E-000000005403}4472C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009496Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:04:06.815{C36AC009-F056-65EF-751E-000000005403}4852C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009495Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:03:09.843{C36AC009-F01D-65EF-741E-000000005403}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009494Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:03:09.078{C36AC009-F01D-65EF-731E-000000005403}3600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009493Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:03:08.317{C36AC009-F01C-65EF-721E-000000005403}1600C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009492Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:03:07.559{C36AC009-F01B-65EF-711E-000000005403}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009491Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:03:06.803{C36AC009-F01A-65EF-701E-000000005403}3784C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009490Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:02:09.744{C36AC009-EFE1-65EF-6F1E-000000005403}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009489Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:02:08.978{C36AC009-EFE0-65EF-6E1E-000000005403}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009488Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:02:08.215{C36AC009-EFE0-65EF-6D1E-000000005403}3556C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009487Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:02:07.548{C36AC009-EFDF-65EF-6C1E-000000005403}1596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009486Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:02:06.784{C36AC009-EFDE-65EF-6B1E-000000005403}3660C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009485Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:01:09.660{C36AC009-EFA5-65EF-6A1E-000000005403}4688C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009484Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:01:08.909{C36AC009-EFA4-65EF-691E-000000005403}1724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009483Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:01:08.143{C36AC009-EFA4-65EF-681E-000000005403}4512C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009482Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:01:07.544{C36AC009-EFA3-65EF-671E-000000005403}5116C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009481Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:01:06.791{C36AC009-EFA2-65EF-661E-000000005403}4100C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009480Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:00:09.704{C36AC009-EF69-65EF-651E-000000005403}1036C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009479Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:00:09.084{C36AC009-EF69-65EF-641E-000000005403}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009478Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:00:08.324{C36AC009-EF68-65EF-631E-000000005403}4276C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009477Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:00:07.553{C36AC009-EF67-65EF-621E-000000005403}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009476Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 06:00:06.793{C36AC009-EF66-65EF-611E-000000005403}1400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009475Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:59:12.336{C36AC009-EF30-65EF-5F1E-000000005403}1568C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009474Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:59:12.297{C36AC009-EF30-65EF-5E1E-000000005403}4340C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009473Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:59:12.261{C36AC009-EF30-65EF-5D1E-000000005403}5032C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009472Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:59:12.196{C36AC009-EF30-65EF-5B1E-000000005403}1984C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009471Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:59:09.811{C36AC009-EF2D-65EF-5A1E-000000005403}4260C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009470Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:59:09.045{C36AC009-EF2D-65EF-591E-000000005403}2352C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009469Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:59:08.285{C36AC009-EF2C-65EF-581E-000000005403}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009468Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:59:07.541{C36AC009-EF2B-65EF-571E-000000005403}2900C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009467Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:59:06.791{C36AC009-EF2A-65EF-561E-000000005403}4964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009466Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:58:09.697{C36AC009-EEF1-65EF-551E-000000005403}4436C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009465Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:58:09.092{C36AC009-EEF1-65EF-541E-000000005403}1360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009464Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:58:08.326{C36AC009-EEF0-65EF-531E-000000005403}2904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009463Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:58:07.549{C36AC009-EEEF-65EF-521E-000000005403}1004C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009462Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:58:06.785{C36AC009-EEEE-65EF-511E-000000005403}528C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009461Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:57:09.718{C36AC009-EEB5-65EF-501E-000000005403}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009460Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:57:09.061{C36AC009-EEB5-65EF-4F1E-000000005403}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009459Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:57:08.304{C36AC009-EEB4-65EF-4E1E-000000005403}4400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009458Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:57:07.554{C36AC009-EEB3-65EF-4D1E-000000005403}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009457Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:57:06.793{C36AC009-EEB2-65EF-4C1E-000000005403}4180C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009456Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:56:09.831{C36AC009-EE79-65EF-4B1E-000000005403}1488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009455Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:56:09.069{C36AC009-EE79-65EF-4A1E-000000005403}4584C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009454Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:56:08.303{C36AC009-EE78-65EF-491E-000000005403}3988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009453Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:56:07.541{C36AC009-EE77-65EF-481E-000000005403}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009452Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:56:06.784{C36AC009-EE76-65EF-471E-000000005403}4408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009451Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:55:09.784{C36AC009-EE3D-65EF-461E-000000005403}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009450Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:55:09.038{C36AC009-EE3D-65EF-451E-000000005403}1172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009449Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:55:08.305{C36AC009-EE3C-65EF-441E-000000005403}1040C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009448Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:55:07.555{C36AC009-EE3B-65EF-431E-000000005403}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009447Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:55:06.793{C36AC009-EE3A-65EF-421E-000000005403}1376C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009446Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:54:12.323{C36AC009-EE04-65EF-411E-000000005403}4204C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009445Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:54:12.285{C36AC009-EE04-65EF-401E-000000005403}4920C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009444Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:54:12.249{C36AC009-EE04-65EF-3F1E-000000005403}32C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009443Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:54:12.184{C36AC009-EE04-65EF-3D1E-000000005403}4464C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009442Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:54:09.588{C36AC009-EE01-65EF-3C1E-000000005403}2444C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009441Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:54:08.964{C36AC009-EE00-65EF-3B1E-000000005403}5092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009440Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:54:08.294{C36AC009-EE00-65EF-3A1E-000000005403}2672C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009439Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:54:07.530{C36AC009-EDFF-65EF-391E-000000005403}1996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009438Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:54:06.780{C36AC009-EDFE-65EF-381E-000000005403}4148C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009437Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:53:09.385{C36AC009-EDC5-65EF-371E-000000005403}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009436Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:53:08.760{C36AC009-EDC4-65EF-361E-000000005403}5052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009435Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:53:08.136{C36AC009-EDC4-65EF-351E-000000005403}4280C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009434Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:53:07.511{C36AC009-EDC3-65EF-341E-000000005403}4992C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009433Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:53:06.762{C36AC009-EDC2-65EF-331E-000000005403}3624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009432Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:52:09.635{C36AC009-ED89-65EF-321E-000000005403}4136C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009431Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:52:09.011{C36AC009-ED89-65EF-311E-000000005403}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009430Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:52:08.261{C36AC009-ED88-65EF-301E-000000005403}3956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009429Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:52:07.511{C36AC009-ED87-65EF-2F1E-000000005403}4448C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009428Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:52:06.747{C36AC009-ED86-65EF-2E1E-000000005403}3440C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009427Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:51:09.723{C36AC009-ED4D-65EF-2D1E-000000005403}4328C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009426Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:51:09.004{C36AC009-ED4D-65EF-2C1E-000000005403}4852C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009425Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:51:08.239{C36AC009-ED4C-65EF-2B1E-000000005403}1568C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009424Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:51:07.490{C36AC009-ED4B-65EF-2A1E-000000005403}5032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009423Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:51:06.740{C36AC009-ED4A-65EF-291E-000000005403}4360C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009422Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:50:09.735{C36AC009-ED11-65EF-281E-000000005403}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009421Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:50:08.985{C36AC009-ED10-65EF-271E-000000005403}600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009420Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:50:08.235{C36AC009-ED10-65EF-261E-000000005403}4984C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009419Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:50:07.485{C36AC009-ED0F-65EF-251E-000000005403}528C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009418Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:50:06.735{C36AC009-ED0E-65EF-241E-000000005403}4184C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009417Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:49:12.306{C36AC009-ECD8-65EF-231E-000000005403}2272C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009416Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:49:12.268{C36AC009-ECD8-65EF-221E-000000005403}1016C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009415Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:49:12.232{C36AC009-ECD8-65EF-211E-000000005403}5112C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009414Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:49:12.167{C36AC009-ECD8-65EF-1F1E-000000005403}3900C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009413Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:49:09.803{C36AC009-ECD5-65EF-1E1E-000000005403}4920C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009412Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:49:09.114{C36AC009-ECD5-65EF-1D1E-000000005403}4100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009411Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:49:08.348{C36AC009-ECD4-65EF-1C1E-000000005403}4176C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009410Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:49:07.582{C36AC009-ECD3-65EF-1B1E-000000005403}3484C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009409Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:49:06.831{C36AC009-ECD2-65EF-1A1E-000000005403}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009408Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:48:09.705{C36AC009-EC99-65EF-191E-000000005403}5108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009407Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:48:08.939{C36AC009-EC98-65EF-181E-000000005403}3400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009406Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:48:08.187{C36AC009-EC98-65EF-171E-000000005403}4648C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009405Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:48:07.577{C36AC009-EC97-65EF-161E-000000005403}4724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009404Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:48:06.812{C36AC009-EC96-65EF-151E-000000005403}3740C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009403Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:47:09.849{C36AC009-EC5D-65EF-141E-000000005403}1116C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009402Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:47:09.082{C36AC009-EC5D-65EF-131E-000000005403}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009401Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:47:08.332{C36AC009-EC5C-65EF-121E-000000005403}4824C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009400Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:47:07.566{C36AC009-EC5B-65EF-111E-000000005403}2272C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009399Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:47:06.812{C36AC009-EC5A-65EF-101E-000000005403}4820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009398Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:46:09.834{C36AC009-EC21-65EF-0F1E-000000005403}3712C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009397Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:46:09.081{C36AC009-EC21-65EF-0E1E-000000005403}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009396Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:46:08.315{C36AC009-EC20-65EF-0D1E-000000005403}4716C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009395Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:46:07.547{C36AC009-EC1F-65EF-0C1E-000000005403}588C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009394Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:46:06.794{C36AC009-EC1E-65EF-0B1E-000000005403}4424C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009393Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:45:09.651{C36AC009-EBE5-65EF-0A1E-000000005403}3844C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009392Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:45:08.894{C36AC009-EBE4-65EF-091E-000000005403}4232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009391Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:45:08.144{C36AC009-EBE4-65EF-081E-000000005403}4364C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009390Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:45:07.535{C36AC009-EBE3-65EF-071E-000000005403}2056C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009389Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:45:06.781{C36AC009-EBE2-65EF-061E-000000005403}3396C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009388Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:44:12.306{C36AC009-EBAC-65EF-051E-000000005403}3036C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009387Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:44:12.265{C36AC009-EBAC-65EF-041E-000000005403}1972C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009386Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:44:12.230{C36AC009-EBAC-65EF-031E-000000005403}32C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009385Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:44:12.166{C36AC009-EBAC-65EF-011E-000000005403}3576C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009384Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:44:09.790{C36AC009-EBA9-65EF-001E-000000005403}3608C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009383Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:44:09.040{C36AC009-EBA9-65EF-FF1D-000000005403}2888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009382Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:44:08.281{C36AC009-EBA8-65EF-FE1D-000000005403}4860C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009381Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:44:07.531{C36AC009-EBA7-65EF-FD1D-000000005403}4852C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009380Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:44:06.766{C36AC009-EBA6-65EF-FC1D-000000005403}1868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009379Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:43:09.639{C36AC009-EB6D-65EF-FB1D-000000005403}1360C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009378Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:43:09.045{C36AC009-EB6D-65EF-FA1D-000000005403}4272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009377Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:43:08.291{C36AC009-EB6C-65EF-F91D-000000005403}3108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009376Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:43:07.525{C36AC009-EB6B-65EF-F81D-000000005403}1172C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009375Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:43:06.771{C36AC009-EB6A-65EF-F71D-000000005403}3656C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009374Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:42:09.672{C36AC009-EB31-65EF-F61D-000000005403}1064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009373Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:42:09.026{C36AC009-EB31-65EF-F51D-000000005403}1796C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009372Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:42:08.287{C36AC009-EB30-65EF-F41D-000000005403}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009371Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:42:07.521{C36AC009-EB2F-65EF-F31D-000000005403}4228C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009370Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:42:06.766{C36AC009-EB2E-65EF-F21D-000000005403}912C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009369Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:41:09.668{C36AC009-EAF5-65EF-F11D-000000005403}996C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009368Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:41:08.912{C36AC009-EAF4-65EF-F01D-000000005403}3588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009367Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:41:08.147{C36AC009-EAF4-65EF-EF1D-000000005403}1008C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009366Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:41:07.500{C36AC009-EAF3-65EF-EE1D-000000005403}2724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009365Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:41:06.745{C36AC009-EAF2-65EF-ED1D-000000005403}3236C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009364Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:40:09.796{C36AC009-EAB9-65EF-EC1D-000000005403}5040C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009363Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:40:09.030{C36AC009-EAB9-65EF-EB1D-000000005403}4144C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009362Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:40:08.268{C36AC009-EAB8-65EF-EA1D-000000005403}4284C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009361Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:40:07.502{C36AC009-EAB7-65EF-E91D-000000005403}4276C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009360Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:40:06.752{C36AC009-EAB6-65EF-E81D-000000005403}4652C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009359Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:39:12.294{C36AC009-EA80-65EF-E71D-000000005403}4840C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009358Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:39:12.256{C36AC009-EA80-65EF-E61D-000000005403}4100C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009357Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:39:12.220{C36AC009-EA80-65EF-E51D-000000005403}3408C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009356Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:39:12.155{C36AC009-EA80-65EF-E31D-000000005403}3744C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009355Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:39:09.698{C36AC009-EA7D-65EF-E21D-000000005403}3556C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009354Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:39:08.948{C36AC009-EA7C-65EF-E11D-000000005403}2816C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009353Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:39:08.185{C36AC009-EA7C-65EF-E01D-000000005403}4340C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009352Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:39:07.481{C36AC009-EA7B-65EF-DF1D-000000005403}3580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009351Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:39:06.731{C36AC009-EA7A-65EF-DE1D-000000005403}3712C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009350Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:38:09.612{C36AC009-EA41-65EF-DD1D-000000005403}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009349Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:38:08.963{C36AC009-EA40-65EF-DC1D-000000005403}2504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009348Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:38:08.222{C36AC009-EA40-65EF-DB1D-000000005403}4500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009347Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:38:07.471{C36AC009-EA3F-65EF-DA1D-000000005403}3160C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009346Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:38:06.714{C36AC009-EA3E-65EF-D91D-000000005403}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009345Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:37:09.595{C36AC009-EA05-65EF-D81D-000000005403}1952C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009344Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:37:08.954{C36AC009-EA04-65EF-D71D-000000005403}2912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009343Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:37:08.196{C36AC009-EA04-65EF-D61D-000000005403}3672C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009342Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:37:07.453{C36AC009-EA03-65EF-D51D-000000005403}2336C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009341Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:37:06.703{C36AC009-EA02-65EF-D41D-000000005403}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009340Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:36:09.751{C36AC009-E9C9-65EF-D31D-000000005403}3588C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009339Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:36:08.992{C36AC009-E9C8-65EF-D21D-000000005403}4300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009338Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:36:08.233{C36AC009-E9C8-65EF-D11D-000000005403}4608C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009337Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:36:07.467{C36AC009-E9C7-65EF-D01D-000000005403}4324C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009336Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:36:06.701{C36AC009-E9C6-65EF-CF1D-000000005403}4404C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009335Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:35:09.619{C36AC009-E98D-65EF-CE1D-000000005403}3476C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009334Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:35:08.854{C36AC009-E98C-65EF-CD1D-000000005403}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009333Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:35:08.095{C36AC009-E98C-65EF-CC1D-000000005403}2344C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009332Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:35:07.445{C36AC009-E98B-65EF-CB1D-000000005403}1604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009331Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:35:06.679{C36AC009-E98A-65EF-CA1D-000000005403}3356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009330Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:34:12.283{C36AC009-E954-65EF-C91D-000000005403}4176C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009329Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:34:12.241{C36AC009-E954-65EF-C81D-000000005403}3740C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009328Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:34:12.204{C36AC009-E954-65EF-C71D-000000005403}892C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009327Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:34:12.139{C36AC009-E954-65EF-C51D-000000005403}4488C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009326Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:34:09.567{C36AC009-E951-65EF-C41D-000000005403}3556C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009325Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:34:08.947{C36AC009-E950-65EF-C31D-000000005403}4940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009324Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:34:08.197{C36AC009-E950-65EF-C21D-000000005403}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009323Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:34:07.438{C36AC009-E94F-65EF-C11D-000000005403}216C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009322Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:34:06.662{C36AC009-E94E-65EF-C01D-000000005403}4124C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009321Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:33:09.685{C36AC009-E915-65EF-BF1D-000000005403}5068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009320Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:33:08.925{C36AC009-E914-65EF-BE1D-000000005403}5016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009319Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:33:08.164{C36AC009-E914-65EF-BD1D-000000005403}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009318Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:33:07.399{C36AC009-E913-65EF-BC1D-000000005403}3048C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009317Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:33:06.654{C36AC009-E912-65EF-BB1D-000000005403}2012C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009316Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:32:09.621{C36AC009-E8D9-65EF-BA1D-000000005403}4548C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009315Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:32:08.922{C36AC009-E8D8-65EF-B91D-000000005403}4192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009314Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:32:08.161{C36AC009-E8D8-65EF-B81D-000000005403}2464C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009313Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:32:07.396{C36AC009-E8D7-65EF-B71D-000000005403}3456C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009312Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:32:06.635{C36AC009-E8D6-65EF-B61D-000000005403}2620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009311Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:31:09.614{C36AC009-E89D-65EF-B51D-000000005403}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009310Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:31:08.848{C36AC009-E89C-65EF-B41D-000000005403}4432C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009309Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:31:08.086{C36AC009-E89C-65EF-B31D-000000005403}2992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009308Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:31:07.387{C36AC009-E89B-65EF-B21D-000000005403}3788C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009307Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:31:06.621{C36AC009-E89A-65EF-B11D-000000005403}1960C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009306Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:30:09.629{C36AC009-E861-65EF-B01D-000000005403}3288C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009305Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:30:08.870{C36AC009-E860-65EF-AF1D-000000005403}5040C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009304Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:30:08.120{C36AC009-E860-65EF-AE1D-000000005403}5096C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009303Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:30:07.370{C36AC009-E85F-65EF-AD1D-000000005403}4136C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009302Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:30:06.616{C36AC009-E85E-65EF-AC1D-000000005403}364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009301Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:29:12.277{C36AC009-E828-65EF-AB1D-000000005403}2976C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009300Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:29:12.237{C36AC009-E828-65EF-AA1D-000000005403}4672C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009299Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:29:12.201{C36AC009-E828-65EF-A91D-000000005403}208C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009298Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:29:12.136{C36AC009-E828-65EF-A71D-000000005403}5112C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009297Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:29:09.620{C36AC009-E825-65EF-A61D-000000005403}2252C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009296Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:29:08.870{C36AC009-E824-65EF-A51D-000000005403}3108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009295Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:29:08.109{C36AC009-E824-65EF-A41D-000000005403}600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009294Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:29:07.359{C36AC009-E823-65EF-A31D-000000005403}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009293Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:29:06.609{C36AC009-E822-65EF-A21D-000000005403}1820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009292Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:28:09.503{C36AC009-E7E9-65EF-A11D-000000005403}4396C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009291Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:28:08.878{C36AC009-E7E8-65EF-A01D-000000005403}1976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009290Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:28:08.125{C36AC009-E7E8-65EF-9F1D-000000005403}768C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009289Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:28:07.359{C36AC009-E7E7-65EF-9E1D-000000005403}2216C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009288Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:28:06.609{C36AC009-E7E6-65EF-9D1D-000000005403}2668C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009287Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:27:09.527{C36AC009-E7AD-65EF-9C1D-000000005403}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009286Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:27:08.859{C36AC009-E7AC-65EF-9B1D-000000005403}436C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009285Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:27:08.109{C36AC009-E7AC-65EF-9A1D-000000005403}4356C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009284Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:27:07.359{C36AC009-E7AB-65EF-991D-000000005403}4484C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009283Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:27:06.597{C36AC009-E7AA-65EF-981D-000000005403}5020C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009282Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:26:09.522{C36AC009-E771-65EF-971D-000000005403}4328C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009281Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:26:08.773{C36AC009-E770-65EF-961D-000000005403}2816C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009280Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:26:08.008{C36AC009-E770-65EF-951D-000000005403}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009279Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:26:07.352{C36AC009-E76F-65EF-941D-000000005403}3712C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009278Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:26:06.587{C36AC009-E76E-65EF-931D-000000005403}4544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009277Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:25:09.441{C36AC009-E735-65EF-921D-000000005403}1172C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009276Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:25:08.692{C36AC009-E734-65EF-911D-000000005403}4812C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009275Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:25:07.942{C36AC009-E733-65EF-901D-000000005403}3048C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009274Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:25:07.317{C36AC009-E733-65EF-8F1D-000000005403}2724C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009273Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:25:06.569{C36AC009-E732-65EF-8E1D-000000005403}4576C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009272Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:24:12.259{C36AC009-E6FC-65EF-8D1D-000000005403}5064C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009271Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:24:12.220{C36AC009-E6FC-65EF-8C1D-000000005403}2464C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009270Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:24:12.184{C36AC009-E6FC-65EF-8B1D-000000005403}4920C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009269Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:24:12.120{C36AC009-E6FC-65EF-891D-000000005403}3900C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009268Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:24:09.445{C36AC009-E6F9-65EF-881D-000000005403}2336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009267Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:24:08.851{C36AC009-E6F8-65EF-871D-000000005403}4448C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009266Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:24:08.085{C36AC009-E6F8-65EF-861D-000000005403}3568C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009265Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:24:07.319{C36AC009-E6F7-65EF-851D-000000005403}3576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009264Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:24:06.569{C36AC009-E6F6-65EF-841D-000000005403}4176C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009263Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:23:09.472{C36AC009-E6BD-65EF-831D-000000005403}504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009262Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:23:08.850{C36AC009-E6BC-65EF-821D-000000005403}4668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009261Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:23:08.083{C36AC009-E6BC-65EF-811D-000000005403}356C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009260Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:23:07.318{C36AC009-E6BB-65EF-801D-000000005403}4404C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009259Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:23:06.568{C36AC009-E6BA-65EF-7F1D-000000005403}4856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009258Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:22:09.495{C36AC009-E681-65EF-7E1D-000000005403}4768C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009257Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:22:08.745{C36AC009-E680-65EF-7D1D-000000005403}4828C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009256Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:22:07.993{C36AC009-E67F-65EF-7C1D-000000005403}2884C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009255Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:22:07.319{C36AC009-E67F-65EF-7B1D-000000005403}4704C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009254Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:22:06.569{C36AC009-E67E-65EF-7A1D-000000005403}1460C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009253Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:21:09.481{C36AC009-E645-65EF-791D-000000005403}3408C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009252Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:21:08.823{C36AC009-E644-65EF-781D-000000005403}3484C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009251Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:21:08.073{C36AC009-E644-65EF-771D-000000005403}3740C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009250Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:21:07.320{C36AC009-E643-65EF-761D-000000005403}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009249Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:21:06.552{C36AC009-E642-65EF-751D-000000005403}212C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009248Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:20:09.596{C36AC009-E609-65EF-741D-000000005403}4404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009247Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:20:08.830{C36AC009-E608-65EF-731D-000000005403}2944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009246Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:20:08.077{C36AC009-E608-65EF-721D-000000005403}4724C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009245Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:20:07.324{C36AC009-E607-65EF-711D-000000005403}300C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009244Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:20:06.558{C36AC009-E606-65EF-701D-000000005403}5068C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009243Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:19:12.255{C36AC009-E5D0-65EF-6F1D-000000005403}1116C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009242Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:19:12.215{C36AC009-E5D0-65EF-6E1D-000000005403}4584C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009241Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:19:12.179{C36AC009-E5D0-65EF-6D1D-000000005403}428C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009240Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:19:12.113{C36AC009-E5D0-65EF-6B1D-000000005403}5072C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009239Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:19:09.052{C36AC009-E5CD-65EF-6A1D-000000005403}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009238Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:19:08.424{C36AC009-E5CC-65EF-691D-000000005403}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009236Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:19:07.802{C36AC009-E5CB-65EF-681D-000000005403}5000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009235Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:19:07.190{C36AC009-E5CB-65EF-671D-000000005403}880C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009234Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:19:06.543{C36AC009-E5CA-65EF-661D-000000005403}3456C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009233Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:18:09.439{C36AC009-E591-65EF-651D-000000005403}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009232Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:18:08.779{C36AC009-E590-65EF-641D-000000005403}4940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009231Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:18:08.025{C36AC009-E590-65EF-631D-000000005403}2816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009230Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:18:07.275{C36AC009-E58F-65EF-621D-000000005403}5032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009229Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:18:06.520{C36AC009-E58E-65EF-611D-000000005403}4752C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009228Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:17:09.536{C36AC009-E555-65EF-601D-000000005403}4812C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009227Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:17:08.786{C36AC009-E554-65EF-5F1D-000000005403}876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009226Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:17:08.031{C36AC009-E554-65EF-5E1D-000000005403}3188C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009225Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:17:07.277{C36AC009-E553-65EF-5D1D-000000005403}2080C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009224Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:17:06.527{C36AC009-E552-65EF-5C1D-000000005403}1380C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009223Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:16:09.435{C36AC009-E519-65EF-5B1D-000000005403}4400C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009222Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:16:08.665{C36AC009-E518-65EF-5A1D-000000005403}5084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009221Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:16:07.910{C36AC009-E517-65EF-591D-000000005403}1580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009220Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:16:07.269{C36AC009-E517-65EF-581D-000000005403}1020C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009219Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:16:06.519{C36AC009-E516-65EF-571D-000000005403}2976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009218Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:15:09.404{C36AC009-E4DD-65EF-561D-000000005403}4148C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009217Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:15:08.642{C36AC009-E4DC-65EF-551D-000000005403}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009216Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:15:07.877{C36AC009-E4DB-65EF-541D-000000005403}4432C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009215Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:15:07.283{C36AC009-E4DB-65EF-531D-000000005403}2992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009214Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:15:06.524{C36AC009-E4DA-65EF-521D-000000005403}1008C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009213Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:14:12.248{C36AC009-E4A4-65EF-511D-000000005403}2272C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009212Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:14:12.208{C36AC009-E4A4-65EF-501D-000000005403}376C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009211Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:14:12.171{C36AC009-E4A4-65EF-4F1D-000000005403}5040C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009210Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:14:12.106{C36AC009-E4A4-65EF-4D1D-000000005403}400C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009209Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:14:09.399{C36AC009-E4A1-65EF-4C1D-000000005403}4136C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009208Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:14:08.643{C36AC009-E4A0-65EF-4B1D-000000005403}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009207Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:14:07.880{C36AC009-E49F-65EF-4A1D-000000005403}1180C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009206Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:14:07.270{C36AC009-E49F-65EF-491D-000000005403}2884C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009205Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:14:06.505{C36AC009-E49E-65EF-481D-000000005403}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009204Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:13:09.403{C36AC009-E465-65EF-471D-000000005403}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009203Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:13:08.794{C36AC009-E464-65EF-461D-000000005403}3556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009202Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:13:08.029{C36AC009-E464-65EF-451D-000000005403}4860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009201Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:13:07.272{C36AC009-E463-65EF-441D-000000005403}4676C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009200Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:13:06.507{C36AC009-E462-65EF-431D-000000005403}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009199Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:12:09.523{C36AC009-E429-65EF-421D-000000005403}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009198Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:12:08.766{C36AC009-E428-65EF-411D-000000005403}4720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009197Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:12:08.000{C36AC009-E428-65EF-401D-000000005403}508C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009196Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:12:07.250{C36AC009-E427-65EF-3F1D-000000005403}5088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009195Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:12:06.492{C36AC009-E426-65EF-3E1D-000000005403}3188C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009194Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:11:09.521{C36AC009-E3ED-65EF-3D1D-000000005403}1488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009193Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:11:08.756{C36AC009-E3EC-65EF-3C1D-000000005403}4824C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009192Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:11:07.998{C36AC009-E3EB-65EF-3B1D-000000005403}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009191Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:11:07.241{C36AC009-E3EB-65EF-3A1D-000000005403}880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009190Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:11:06.491{C36AC009-E3EA-65EF-391D-000000005403}3572C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009189Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:10:09.388{C36AC009-E3B1-65EF-381D-000000005403}4712C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009188Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:10:08.613{C36AC009-E3B0-65EF-371D-000000005403}4668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009187Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:10:07.855{C36AC009-E3AF-65EF-361D-000000005403}4168C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009186Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:10:07.237{C36AC009-E3AF-65EF-351D-000000005403}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009185Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:10:06.494{C36AC009-E3AE-65EF-341D-000000005403}3848C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009184Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:09:12.242{C36AC009-E378-65EF-331D-000000005403}1300C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009183Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:09:12.202{C36AC009-E378-65EF-321D-000000005403}2812C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009182Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:09:12.166{C36AC009-E378-65EF-311D-000000005403}4652C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009181Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:09:12.102{C36AC009-E378-65EF-2F1D-000000005403}3960C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009180Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:09:09.490{C36AC009-E375-65EF-2E1D-000000005403}3152C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009179Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:09:08.737{C36AC009-E374-65EF-2D1D-000000005403}924C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009178Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:09:07.987{C36AC009-E373-65EF-2C1D-000000005403}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009177Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:09:07.237{C36AC009-E373-65EF-2B1D-000000005403}2388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009176Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:09:06.475{C36AC009-E372-65EF-2A1D-000000005403}1944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009175Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:08:09.380{C36AC009-E339-65EF-291D-000000005403}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009174Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:08:08.739{C36AC009-E338-65EF-281D-000000005403}1020C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009173Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:08:07.979{C36AC009-E337-65EF-271D-000000005403}1000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009172Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:08:07.219{C36AC009-E337-65EF-261D-000000005403}4980C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009171Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:08:06.459{C36AC009-E336-65EF-251D-000000005403}4424C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009170Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:07:09.474{C36AC009-E2FD-65EF-241D-000000005403}360C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009169Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:07:08.724{C36AC009-E2FC-65EF-231D-000000005403}3476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009168Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:07:07.974{C36AC009-E2FB-65EF-221D-000000005403}4220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009167Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:07:07.203{C36AC009-E2FB-65EF-211D-000000005403}2328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009166Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:07:06.458{C36AC009-E2FA-65EF-201D-000000005403}2996C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009165Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:06:09.374{C36AC009-E2C1-65EF-1F1D-000000005403}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009164Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:06:08.613{C36AC009-E2C0-65EF-1E1D-000000005403}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009163Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:06:07.852{C36AC009-E2BF-65EF-1D1D-000000005403}3040C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009162Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:06:07.226{C36AC009-E2BF-65EF-1C1D-000000005403}1272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009161Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:06:06.465{C36AC009-E2BE-65EF-1B1D-000000005403}2672C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009160Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:05:09.480{C36AC009-E285-65EF-1A1D-000000005403}4140C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009159Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:05:08.729{C36AC009-E284-65EF-191D-000000005403}3116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009158Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:05:07.980{C36AC009-E283-65EF-181D-000000005403}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009157Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:05:07.221{C36AC009-E283-65EF-171D-000000005403}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009156Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:05:06.455{C36AC009-E282-65EF-161D-000000005403}2808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009155Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:04:12.242{C36AC009-E24C-65EF-151D-000000005403}2984C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009154Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:04:12.202{C36AC009-E24C-65EF-141D-000000005403}1016C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009153Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:04:12.166{C36AC009-E24C-65EF-131D-000000005403}3152C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009152Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:04:12.101{C36AC009-E24C-65EF-111D-000000005403}4360C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009151Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:04:09.332{C36AC009-E249-65EF-101D-000000005403}1064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009150Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:04:08.741{C36AC009-E248-65EF-0F1D-000000005403}4616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009149Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:04:07.991{C36AC009-E247-65EF-0E1D-000000005403}2936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009148Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:04:07.229{C36AC009-E247-65EF-0D1D-000000005403}4192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009147Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:04:06.451{C36AC009-E246-65EF-0C1D-000000005403}3700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009146Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:03:09.383{C36AC009-E20D-65EF-0B1D-000000005403}1008C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009145Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:03:08.618{C36AC009-E20C-65EF-0A1D-000000005403}4492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009144Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:03:07.858{C36AC009-E20B-65EF-091D-000000005403}4432C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009143Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:03:07.186{C36AC009-E20B-65EF-081D-000000005403}2100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009142Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:03:06.436{C36AC009-E20A-65EF-071D-000000005403}4872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009141Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:02:09.400{C36AC009-E1D1-65EF-061D-000000005403}4992C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009140Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:02:08.634{C36AC009-E1D0-65EF-051D-000000005403}3476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009139Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:02:07.886{C36AC009-E1CF-65EF-041D-000000005403}4768C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009138Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:02:07.183{C36AC009-E1CF-65EF-031D-000000005403}1176C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009137Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:02:06.420{C36AC009-E1CE-65EF-021D-000000005403}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009136Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:01:09.413{C36AC009-E195-65EF-011D-000000005403}1128C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009135Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:01:08.649{C36AC009-E194-65EF-001D-000000005403}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009134Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:01:07.885{C36AC009-E193-65EF-FF1C-000000005403}4236C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009133Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:01:07.182{C36AC009-E193-65EF-FE1C-000000005403}1404C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009132Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:01:06.418{C36AC009-E192-65EF-FD1C-000000005403}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009131Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:00:09.450{C36AC009-E159-65EF-FC1C-000000005403}2904C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009130Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:00:08.693{C36AC009-E158-65EF-FB1C-000000005403}2668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009129Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:00:07.943{C36AC009-E157-65EF-FA1C-000000005403}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009128Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:00:07.178{C36AC009-E157-65EF-F91C-000000005403}3160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009127Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 05:00:06.414{C36AC009-E156-65EF-F81C-000000005403}4476C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009126Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:59:12.226{C36AC009-E120-65EF-F71C-000000005403}2884C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009125Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:59:12.186{C36AC009-E120-65EF-F61C-000000005403}4600C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009124Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:59:12.151{C36AC009-E120-65EF-F51C-000000005403}4788C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009123Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:59:12.087{C36AC009-E120-65EF-F31C-000000005403}2348C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009122Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:59:09.316{C36AC009-E11D-65EF-F21C-000000005403}3580C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009121Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:59:08.551{C36AC009-E11C-65EF-F11C-000000005403}4504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009120Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:59:07.786{C36AC009-E11B-65EF-F01C-000000005403}4380C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009119Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:59:07.176{C36AC009-E11B-65EF-EF1C-000000005403}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009118Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:59:06.411{C36AC009-E11A-65EF-EE1C-000000005403}5064C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009117Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:58:09.422{C36AC009-E0E1-65EF-ED1C-000000005403}1960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009116Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:58:08.656{C36AC009-E0E0-65EF-EC1C-000000005403}5052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009115Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:58:07.898{C36AC009-E0DF-65EF-EB1C-000000005403}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009114Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:58:07.148{C36AC009-E0DF-65EF-EA1C-000000005403}2100C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009113Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:58:06.398{C36AC009-E0DE-65EF-E91C-000000005403}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009112Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:57:09.424{C36AC009-E0A5-65EF-E81C-000000005403}4136C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009111Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:57:08.658{C36AC009-E0A4-65EF-E71C-000000005403}2376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009110Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:57:07.913{C36AC009-E0A3-65EF-E61C-000000005403}4768C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009109Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:57:07.146{C36AC009-E0A3-65EF-E51C-000000005403}4556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009108Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:57:06.396{C36AC009-E0A2-65EF-E41C-000000005403}3960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009107Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:56:09.393{C36AC009-E069-65EF-E31C-000000005403}4400C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009106Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:56:08.642{C36AC009-E068-65EF-E21C-000000005403}2464C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009105Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:56:07.887{C36AC009-E067-65EF-E11C-000000005403}2076C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009104Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:56:07.136{C36AC009-E067-65EF-E01C-000000005403}1756C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009103Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:56:06.385{C36AC009-E066-65EF-DF1C-000000005403}4236C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009102Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:55:09.398{C36AC009-E02D-65EF-DE1C-000000005403}1376C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009101Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:55:08.646{C36AC009-E02C-65EF-DD1C-000000005403}4140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009100Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:55:07.894{C36AC009-E02B-65EF-DC1C-000000005403}3440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009099Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:55:07.136{C36AC009-E02B-65EF-DB1C-000000005403}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009098Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:55:06.384{C36AC009-E02A-65EF-DA1C-000000005403}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009097Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:54:12.218{C36AC009-DFF4-65EF-D91C-000000005403}3460C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009096Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:54:12.176{C36AC009-DFF4-65EF-D81C-000000005403}1016C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009095Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:54:12.140{C36AC009-DFF4-65EF-D71C-000000005403}4064C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009094Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:54:12.075{C36AC009-DFF4-65EF-D51C-000000005403}3788C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009093Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:54:09.218{C36AC009-DFF1-65EF-D41C-000000005403}2236C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009092Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:54:08.466{C36AC009-DFF0-65EF-D31C-000000005403}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009091Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:54:07.714{C36AC009-DFEF-65EF-D21C-000000005403}4764C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009090Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:54:07.127{C36AC009-DFEF-65EF-D11C-000000005403}1944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009089Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:54:06.371{C36AC009-DFEE-65EF-D01C-000000005403}1796C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009088Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:53:09.380{C36AC009-DFB5-65EF-CF1C-000000005403}3392C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009087Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:53:08.615{C36AC009-DFB4-65EF-CE1C-000000005403}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009086Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:53:07.858{C36AC009-DFB3-65EF-CD1C-000000005403}1008C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009085Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:53:07.108{C36AC009-DFB3-65EF-CC1C-000000005403}5052C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009084Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:53:06.358{C36AC009-DFB2-65EF-CB1C-000000005403}4668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009083Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:52:09.339{C36AC009-DF79-65EF-CA1C-000000005403}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009082Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:52:08.589{C36AC009-DF78-65EF-C91C-000000005403}4628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009081Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:52:07.851{C36AC009-DF77-65EF-C81C-000000005403}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009080Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:52:07.097{C36AC009-DF77-65EF-C71C-000000005403}2376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009079Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:52:06.347{C36AC009-DF76-65EF-C61C-000000005403}2980C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009078Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:51:09.240{C36AC009-DF3D-65EF-C51C-000000005403}1944C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009077Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:51:08.599{C36AC009-DF3C-65EF-C41C-000000005403}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009076Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:51:07.845{C36AC009-DF3B-65EF-C31C-000000005403}4484C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009075Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:51:07.090{C36AC009-DF3B-65EF-C21C-000000005403}4920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009074Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:51:06.340{C36AC009-DF3A-65EF-C11C-000000005403}880C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009073Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:50:09.268{C36AC009-DF01-65EF-C01C-000000005403}4964C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009072Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:50:08.591{C36AC009-DF00-65EF-BF1C-000000005403}3624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009071Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:50:07.836{C36AC009-DEFF-65EF-BE1C-000000005403}4932C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009070Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:50:07.085{C36AC009-DEFF-65EF-BD1C-000000005403}4724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009069Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:50:06.330{C36AC009-DEFE-65EF-BC1C-000000005403}4228C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009068Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:49:12.200{C36AC009-DEC8-65EF-BB1C-000000005403}1300C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009067Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:49:12.161{C36AC009-DEC8-65EF-BA1C-000000005403}4196C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009066Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:49:12.126{C36AC009-DEC8-65EF-B91C-000000005403}1400C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009065Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:49:12.062{C36AC009-DEC8-65EF-B71C-000000005403}1996C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009064Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:49:09.277{C36AC009-DEC5-65EF-B61C-000000005403}4200C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009063Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:49:08.592{C36AC009-DEC4-65EF-B51C-000000005403}1484C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009062Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:49:07.827{C36AC009-DEC3-65EF-B41C-000000005403}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009061Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:49:07.061{C36AC009-DEC3-65EF-B31C-000000005403}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009060Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:49:06.315{C36AC009-DEC2-65EF-B21C-000000005403}4416C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009059Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:48:09.208{C36AC009-DE89-65EF-B11C-000000005403}2976C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009058Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:48:08.598{C36AC009-DE88-65EF-B01C-000000005403}1404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009057Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:48:07.836{C36AC009-DE87-65EF-AF1C-000000005403}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009056Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:48:07.070{C36AC009-DE87-65EF-AE1C-000000005403}3660C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009055Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:48:06.314{C36AC009-DE86-65EF-AD1C-000000005403}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009054Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:47:09.214{C36AC009-DE4D-65EF-AC1C-000000005403}3288C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009053Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:47:08.598{C36AC009-DE4C-65EF-AB1C-000000005403}2736C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009052Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:47:07.832{C36AC009-DE4B-65EF-AA1C-000000005403}2676C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009051Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:47:07.060{C36AC009-DE4B-65EF-A91C-000000005403}3004C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009050Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:47:06.310{C36AC009-DE4A-65EF-A81C-000000005403}948C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009049Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:46:09.185{C36AC009-DE11-65EF-A71C-000000005403}4408C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009048Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:46:08.428{C36AC009-DE10-65EF-A61C-000000005403}2348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009047Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:46:07.670{C36AC009-DE0F-65EF-A51C-000000005403}4180C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009046Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:46:07.061{C36AC009-DE0F-65EF-A41C-000000005403}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009045Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:46:06.311{C36AC009-DE0E-65EF-A31C-000000005403}1796C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009044Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:45:09.328{C36AC009-DDD5-65EF-A21C-000000005403}2988C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009043Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:45:08.562{C36AC009-DDD4-65EF-A11C-000000005403}3088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009042Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:45:07.811{C36AC009-DDD3-65EF-A01C-000000005403}1008C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009041Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:45:07.061{C36AC009-DDD3-65EF-9F1C-000000005403}5052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009040Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:45:06.308{C36AC009-DDD2-65EF-9E1C-000000005403}720C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009039Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:44:12.189{C36AC009-DD9C-65EF-9D1C-000000005403}4364C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009038Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:44:12.150{C36AC009-DD9C-65EF-9C1C-000000005403}4892C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009037Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:44:12.115{C36AC009-DD9C-65EF-9B1C-000000005403}4992C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009036Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:44:12.051{C36AC009-DD9C-65EF-991C-000000005403}664C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009035Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:44:09.334{C36AC009-DD99-65EF-981C-000000005403}4768C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009034Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:44:08.576{C36AC009-DD98-65EF-971C-000000005403}1596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009033Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:44:07.817{C36AC009-DD97-65EF-961C-000000005403}3148C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009032Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:44:07.067{C36AC009-DD97-65EF-951C-000000005403}1996C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009031Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:44:06.308{C36AC009-DD96-65EF-941C-000000005403}4956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009030Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:43:09.273{C36AC009-DD5D-65EF-931C-000000005403}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009029Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:43:08.569{C36AC009-DD5C-65EF-921C-000000005403}880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009028Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:43:07.825{C36AC009-DD5B-65EF-911C-000000005403}1580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009027Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:43:07.059{C36AC009-DD5B-65EF-901C-000000005403}1036C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009026Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:43:06.294{C36AC009-DD5A-65EF-8F1C-000000005403}4588C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009025Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:42:09.310{C36AC009-DD21-65EF-8E1C-000000005403}4352C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009024Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:42:08.560{C36AC009-DD20-65EF-8D1C-000000005403}5016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009023Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:42:07.808{C36AC009-DD1F-65EF-8C1C-000000005403}2668C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009022Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:42:07.048{C36AC009-DD1F-65EF-8B1C-000000005403}4628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009021Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:42:06.290{C36AC009-DD1E-65EF-8A1C-000000005403}4260C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009020Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:41:09.163{C36AC009-DCE5-65EF-891C-000000005403}3436C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009019Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:41:08.563{C36AC009-DCE4-65EF-881C-000000005403}4584C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009018Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:41:07.797{C36AC009-DCE3-65EF-871C-000000005403}3368C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009017Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:41:07.032{C36AC009-DCE3-65EF-861C-000000005403}4064C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009016Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:41:06.275{C36AC009-DCE2-65EF-851C-000000005403}2240C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009015Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:40:09.174{C36AC009-DCA9-65EF-841C-000000005403}1036C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009014Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:40:08.418{C36AC009-DCA8-65EF-831C-000000005403}3772C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009013Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:40:07.652{C36AC009-DCA7-65EF-821C-000000005403}3628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009012Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:40:07.043{C36AC009-DCA7-65EF-811C-000000005403}296C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009011Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:40:06.271{C36AC009-DCA6-65EF-801C-000000005403}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009010Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:39:12.180{C36AC009-DC70-65EF-7F1C-000000005403}3816C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009009Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:39:12.141{C36AC009-DC70-65EF-7E1C-000000005403}4256C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009008Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:39:12.105{C36AC009-DC70-65EF-7D1C-000000005403}1132C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009007Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:39:12.039{C36AC009-DC70-65EF-7B1C-000000005403}3052C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000009006Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:39:09.214{C36AC009-DC6D-65EF-7A1C-000000005403}2168C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009005Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:39:08.514{C36AC009-DC6C-65EF-791C-000000005403}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009004Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:39:07.768{C36AC009-DC6B-65EF-781C-000000005403}1540C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009003Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:39:07.018{C36AC009-DC6B-65EF-771C-000000005403}2812C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009002Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:39:06.257{C36AC009-DC6A-65EF-761C-000000005403}4608C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009001Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:38:09.192{C36AC009-DC31-65EF-751C-000000005403}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000009000Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:38:08.442{C36AC009-DC30-65EF-741C-000000005403}3372C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008999Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:38:07.680{C36AC009-DC2F-65EF-731C-000000005403}4756C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008998Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:38:07.011{C36AC009-DC2F-65EF-721C-000000005403}372C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008997Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:38:06.245{C36AC009-DC2E-65EF-711C-000000005403}3520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008996Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:37:09.177{C36AC009-DBF5-65EF-701C-000000005403}3868C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008995Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:37:08.505{C36AC009-DBF4-65EF-6F1C-000000005403}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008994Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:37:07.759{C36AC009-DBF3-65EF-6E1C-000000005403}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008993Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:37:07.009{C36AC009-DBF3-65EF-6D1C-000000005403}2908C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008992Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:37:06.243{C36AC009-DBF2-65EF-6C1C-000000005403}1376C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008991Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:36:09.202{C36AC009-DBB9-65EF-6B1C-000000005403}1140C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008990Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:36:08.438{C36AC009-DBB8-65EF-6A1C-000000005403}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008989Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:36:07.673{C36AC009-DBB7-65EF-691C-000000005403}2328C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008988Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:36:07.004{C36AC009-DBB7-65EF-681C-000000005403}2996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008987Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:36:06.239{C36AC009-DBB6-65EF-671C-000000005403}1948C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008986Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:35:09.177{C36AC009-DB7D-65EF-661C-000000005403}1476C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008985Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:35:08.430{C36AC009-DB7C-65EF-651C-000000005403}4124C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008984Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:35:07.665{C36AC009-DB7B-65EF-641C-000000005403}4736C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008983Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:35:06.993{C36AC009-DB7A-65EF-631C-000000005403}3572C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008982Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:35:06.229{C36AC009-DB7A-65EF-621C-000000005403}2352C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008981Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:34:12.163{C36AC009-DB44-65EF-611C-000000005403}2496C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008980Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:34:12.125{C36AC009-DB44-65EF-601C-000000005403}876C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008979Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:34:12.090{C36AC009-DB44-65EF-5F1C-000000005403}4836C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008978Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:34:12.025{C36AC009-DB44-65EF-5D1C-000000005403}3352C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008977Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:34:09.113{C36AC009-DB41-65EF-5C1C-000000005403}2676C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008976Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:34:08.347{C36AC009-DB40-65EF-5B1C-000000005403}2944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008975Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:34:07.583{C36AC009-DB3F-65EF-5A1C-000000005403}4388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008974Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:34:06.989{C36AC009-DB3E-65EF-591C-000000005403}1040C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008973Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:34:06.223{C36AC009-DB3E-65EF-581C-000000005403}4752C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008972Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:33:09.212{C36AC009-DB05-65EF-571C-000000005403}2520C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008971Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:33:08.462{C36AC009-DB04-65EF-561C-000000005403}5112C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008970Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:33:07.712{C36AC009-DB03-65EF-551C-000000005403}212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008969Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:33:06.962{C36AC009-DB02-65EF-541C-000000005403}1036C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008968Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:33:06.212{C36AC009-DB02-65EF-531C-000000005403}1956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008967Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:32:09.215{C36AC009-DAC9-65EF-521C-000000005403}4500C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008966Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:32:08.465{C36AC009-DAC8-65EF-511C-000000005403}3568C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008965Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:32:07.715{C36AC009-DAC7-65EF-501C-000000005403}348C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008964Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:32:06.965{C36AC009-DAC6-65EF-4F1C-000000005403}3044C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008963Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:32:06.199{C36AC009-DAC6-65EF-4E1C-000000005403}2808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008962Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:31:09.133{C36AC009-DA8D-65EF-4D1C-000000005403}3108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008961Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:31:08.381{C36AC009-DA8C-65EF-4C1C-000000005403}2188C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008960Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:31:07.632{C36AC009-DA8B-65EF-4B1C-000000005403}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008959Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:31:06.960{C36AC009-DA8A-65EF-4A1C-000000005403}1996C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008958Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:31:06.200{C36AC009-DA8A-65EF-491C-000000005403}4584C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008957Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:30:09.207{C36AC009-DA51-65EF-481C-000000005403}3812C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008956Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:30:08.440{C36AC009-DA50-65EF-471C-000000005403}4176C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008955Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:30:07.689{C36AC009-DA4F-65EF-461C-000000005403}3776C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008954Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:30:06.939{C36AC009-DA4E-65EF-451C-000000005403}3456C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008953Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:30:06.187{C36AC009-DA4E-65EF-441C-000000005403}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008952Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:29:12.155{C36AC009-DA18-65EF-431C-000000005403}2476C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008951Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:29:12.117{C36AC009-DA18-65EF-421C-000000005403}3188C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008950Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:29:12.082{C36AC009-DA18-65EF-411C-000000005403}3132C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008949Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:29:12.017{C36AC009-DA18-65EF-3F1C-000000005403}4768C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008948Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:29:09.095{C36AC009-DA15-65EF-3E1C-000000005403}308C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008947Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:29:08.342{C36AC009-DA14-65EF-3D1C-000000005403}5012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008946Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:29:07.593{C36AC009-DA13-65EF-3C1C-000000005403}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008945Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:29:06.936{C36AC009-DA12-65EF-3B1C-000000005403}3596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008944Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:29:06.182{C36AC009-DA12-65EF-3A1C-000000005403}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008943Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:28:09.142{C36AC009-D9D9-65EF-391C-000000005403}1404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008942Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:28:08.438{C36AC009-D9D8-65EF-381C-000000005403}2672C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008941Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:28:07.682{C36AC009-D9D7-65EF-371C-000000005403}4496C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008940Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:28:06.932{C36AC009-D9D6-65EF-361C-000000005403}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008939Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:28:06.182{C36AC009-D9D6-65EF-351C-000000005403}184C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008938Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:27:09.205{C36AC009-D99D-65EF-341C-000000005403}1132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008937Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:27:08.439{C36AC009-D99C-65EF-331C-000000005403}1020C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008936Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:27:07.685{C36AC009-D99B-65EF-321C-000000005403}3848C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008935Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:27:06.932{C36AC009-D99A-65EF-311C-000000005403}840C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008934Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:27:06.182{C36AC009-D99A-65EF-301C-000000005403}2736C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008933Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:26:09.191{C36AC009-D961-65EF-2F1C-000000005403}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008932Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:26:08.422{C36AC009-D960-65EF-2E1C-000000005403}3576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008931Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:26:07.672{C36AC009-D95F-65EF-2D1C-000000005403}2984C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008930Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:26:06.933{C36AC009-D95E-65EF-2C1C-000000005403}4064C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008929Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:26:06.179{C36AC009-D95E-65EF-2B1C-000000005403}1604C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008928Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:25:09.208{C36AC009-D925-65EF-291C-000000005403}2504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008927Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:25:08.438{C36AC009-D924-65EF-281C-000000005403}4932C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008926Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:25:07.683{C36AC009-D923-65EF-271C-000000005403}4780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008925Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:25:06.917{C36AC009-D922-65EF-261C-000000005403}1820C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008924Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:25:06.162{C36AC009-D922-65EF-251C-000000005403}3060C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008922Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:24:12.148{C36AC009-D8EC-65EF-241C-000000005403}3480C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008921Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:24:12.108{C36AC009-D8EC-65EF-231C-000000005403}1540C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008920Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:24:12.071{C36AC009-D8EC-65EF-221C-000000005403}3864C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008919Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:24:12.007{C36AC009-D8EC-65EF-201C-000000005403}4752C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008918Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:24:09.096{C36AC009-D8E9-65EF-1F1C-000000005403}2156C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008917Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:24:08.419{C36AC009-D8E8-65EF-1E1C-000000005403}3556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008916Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:24:07.653{C36AC009-D8E7-65EF-1D1C-000000005403}588C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008915Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:24:06.903{C36AC009-D8E6-65EF-1C1C-000000005403}4744C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008914Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:24:06.143{C36AC009-D8E6-65EF-1B1C-000000005403}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008913Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:23:09.123{C36AC009-D8AD-65EF-1A1C-000000005403}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008912Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:23:08.382{C36AC009-D8AC-65EF-191C-000000005403}2732C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008911Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:23:07.632{C36AC009-D8AB-65EF-181C-000000005403}1724C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008910Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:23:06.877{C36AC009-D8AA-65EF-171C-000000005403}3776C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008909Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:23:06.137{C36AC009-D8AA-65EF-161C-000000005403}5052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008908Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:22:09.029{C36AC009-D871-65EF-151C-000000005403}1184C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008907Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:22:08.382{C36AC009-D870-65EF-141C-000000005403}4184C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008906Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:22:07.625{C36AC009-D86F-65EF-131C-000000005403}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008905Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:22:06.875{C36AC009-D86E-65EF-121C-000000005403}3004C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008904Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:22:06.125{C36AC009-D86E-65EF-111C-000000005403}4888C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008903Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:21:09.125{C36AC009-D835-65EF-101C-000000005403}4556C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008902Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:21:08.382{C36AC009-D834-65EF-0F1C-000000005403}3260C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008901Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:21:07.632{C36AC009-D833-65EF-0E1C-000000005403}3148C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008900Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:21:06.875{C36AC009-D832-65EF-0D1C-000000005403}5036C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008899Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:21:06.134{C36AC009-D832-65EF-0C1C-000000005403}600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008898Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:20:09.007{C36AC009-D7F9-65EF-0B1C-000000005403}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008897Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:20:08.374{C36AC009-D7F8-65EF-0A1C-000000005403}696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008896Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:20:07.632{C36AC009-D7F7-65EF-091C-000000005403}1376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008895Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:20:06.882{C36AC009-D7F6-65EF-081C-000000005403}4140C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008894Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:20:06.124{C36AC009-D7F6-65EF-071C-000000005403}2668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008893Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:19:12.135{C36AC009-D7C0-65EF-061C-000000005403}1540C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008892Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:19:12.096{C36AC009-D7C0-65EF-051C-000000005403}508C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008891Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:19:12.060{C36AC009-D7C0-65EF-041C-000000005403}4964C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008890Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:19:11.995{C36AC009-D7BF-65EF-021C-000000005403}4664C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008889Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:19:09.111{C36AC009-D7BD-65EF-011C-000000005403}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008888Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:19:08.407{C36AC009-D7BC-65EF-001C-000000005403}3108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008887Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:19:07.641{C36AC009-D7BB-65EF-FF1B-000000005403}892C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008886Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:19:06.875{C36AC009-D7BA-65EF-FE1B-000000005403}1336C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008885Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:19:06.109{C36AC009-D7BA-65EF-FD1B-000000005403}3460C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008884Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:18:09.133{C36AC009-D781-65EF-FC1B-000000005403}3812C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008883Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:18:08.384{C36AC009-D780-65EF-FB1B-000000005403}2732C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008882Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:18:07.634{C36AC009-D77F-65EF-FA1B-000000005403}528C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008881Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:18:06.860{C36AC009-D77E-65EF-F91B-000000005403}3776C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008880Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:18:06.100{C36AC009-D77E-65EF-F81B-000000005403}3456C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008878Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:17:08.974{C36AC009-D744-65EF-F71B-000000005403}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008877Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:17:08.220{C36AC009-D744-65EF-F61B-000000005403}3448C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008876Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:17:07.470{C36AC009-D743-65EF-F51B-000000005403}4276C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008875Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:17:06.861{C36AC009-D742-65EF-F41B-000000005403}4244C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008874Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:17:06.101{C36AC009-D742-65EF-F31B-000000005403}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008873Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:16:08.950{C36AC009-D708-65EF-F21B-000000005403}4600C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008872Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:16:08.212{C36AC009-D708-65EF-F11B-000000005403}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008871Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:16:07.446{C36AC009-D707-65EF-F01B-000000005403}3820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008870Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:16:06.852{C36AC009-D706-65EF-EF1B-000000005403}4336C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008869Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:16:06.092{C36AC009-D706-65EF-EE1B-000000005403}3032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008868Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:15:08.982{C36AC009-D6CC-65EF-ED1B-000000005403}3116C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008867Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:15:08.237{C36AC009-D6CC-65EF-EC1B-000000005403}2164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008866Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:15:07.477{C36AC009-D6CB-65EF-EB1B-000000005403}3060C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008865Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:15:06.836{C36AC009-D6CA-65EF-EA1B-000000005403}2216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008864Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:15:06.086{C36AC009-D6CA-65EF-E91B-000000005403}2976C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008863Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:14:12.131{C36AC009-D694-65EF-E81B-000000005403}4548C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008862Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:14:12.092{C36AC009-D694-65EF-E71B-000000005403}4792C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008861Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:14:12.056{C36AC009-D694-65EF-E61B-000000005403}3644C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008860Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:14:11.992{C36AC009-D693-65EF-E41B-000000005403}2940C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008859Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:14:09.005{C36AC009-D691-65EF-E31B-000000005403}3684C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008858Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:14:08.239{C36AC009-D690-65EF-E21B-000000005403}3108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008857Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:14:07.478{C36AC009-D68F-65EF-E11B-000000005403}892C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008856Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:14:06.826{C36AC009-D68E-65EF-E01B-000000005403}3332C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008855Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:14:06.076{C36AC009-D68E-65EF-DF1B-000000005403}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008854Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:13:09.131{C36AC009-D655-65EF-DE1B-000000005403}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008853Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:13:08.354{C36AC009-D654-65EF-DD1B-000000005403}2732C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008852Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:13:07.592{C36AC009-D653-65EF-DC1B-000000005403}1724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008851Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:13:06.842{C36AC009-D652-65EF-DB1B-000000005403}1984C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008850Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:13:06.085{C36AC009-D652-65EF-DA1B-000000005403}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008849Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:12:08.939{C36AC009-D618-65EF-D91B-000000005403}1184C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008848Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:12:08.174{C36AC009-D618-65EF-D81B-000000005403}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008847Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:12:07.414{C36AC009-D617-65EF-D71B-000000005403}3292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008846Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:12:06.820{C36AC009-D616-65EF-D61B-000000005403}3448C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008845Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:12:06.070{C36AC009-D616-65EF-D51B-000000005403}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008844Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:11:09.073{C36AC009-D5DD-65EF-D41B-000000005403}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008843Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:11:08.325{C36AC009-D5DC-65EF-D31B-000000005403}3368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008842Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:11:07.575{C36AC009-D5DB-65EF-D21B-000000005403}4556C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008841Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:11:06.827{C36AC009-D5DA-65EF-D11B-000000005403}2240C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008840Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:11:06.064{C36AC009-D5DA-65EF-D01B-000000005403}3148C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008839Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:10:09.022{C36AC009-D5A1-65EF-CF1B-000000005403}3544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008838Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:10:08.242{C36AC009-D5A0-65EF-CE1B-000000005403}5076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008837Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:10:07.479{C36AC009-D59F-65EF-CD1B-000000005403}4724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008836Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:10:06.822{C36AC009-D59E-65EF-CC1B-000000005403}1732C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008835Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:10:06.056{C36AC009-D59E-65EF-CB1B-000000005403}2164C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008834Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:09:12.122{C36AC009-D568-65EF-CA1B-000000005403}4756C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008833Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:09:12.082{C36AC009-D568-65EF-C91B-000000005403}2200C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008832Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:09:12.045{C36AC009-D568-65EF-C81B-000000005403}3220C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008831Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:09:11.981{C36AC009-D567-65EF-C61B-000000005403}3468C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008830Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:09:08.963{C36AC009-D564-65EF-C51B-000000005403}3192C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008829Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:09:08.198{C36AC009-D564-65EF-C41B-000000005403}4388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008828Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:09:07.434{C36AC009-D563-65EF-C31B-000000005403}1000C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008827Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:09:06.794{C36AC009-D562-65EF-C21B-000000005403}1124C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008826Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:09:06.044{C36AC009-D562-65EF-C11B-000000005403}2012C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008825Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:08:08.970{C36AC009-D528-65EF-C01B-000000005403}944C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008824Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:08:08.212{C36AC009-D528-65EF-BF1B-000000005403}4800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008823Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:08:07.462{C36AC009-D527-65EF-BE1B-000000005403}2988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008822Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:08:06.790{C36AC009-D526-65EF-BD1B-000000005403}4420C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008821Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:08:06.026{C36AC009-D526-65EF-BC1B-000000005403}3404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008819Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:07:09.063{C36AC009-D4ED-65EF-BA1B-000000005403}92C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008818Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:07:08.298{C36AC009-D4EC-65EF-B91B-000000005403}2104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008817Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:07:07.548{C36AC009-D4EB-65EF-B81B-000000005403}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008816Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:07:06.783{C36AC009-D4EA-65EF-B71B-000000005403}1040C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008815Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:07:06.017{C36AC009-D4EA-65EF-B61B-000000005403}4496C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008814Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:06:08.912{C36AC009-D4B0-65EF-B51B-000000005403}3460C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008813Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:06:08.253{C36AC009-D4B0-65EF-B41B-000000005403}976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008812Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:06:07.503{C36AC009-D4AF-65EF-B31B-000000005403}1500C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008811Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:06:06.753{C36AC009-D4AE-65EF-B21B-000000005403}4960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008810Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:06:06.002{C36AC009-D4AE-65EF-B11B-000000005403}1604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008809Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:05:08.875{C36AC009-D474-65EF-B01B-000000005403}1956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008808Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:05:08.107{C36AC009-D474-65EF-AF1B-000000005403}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008807Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:05:07.357{C36AC009-D473-65EF-AE1B-000000005403}328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008806Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:05:06.747{C36AC009-D472-65EF-AD1B-000000005403}4140C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008805Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:05:05.996{C36AC009-D471-65EF-AC1B-000000005403}3876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008804Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:04:12.113{C36AC009-D43C-65EF-AB1B-000000005403}3292C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008803Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:04:12.072{C36AC009-D43C-65EF-AA1B-000000005403}4608C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008802Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:04:12.037{C36AC009-D43C-65EF-A91B-000000005403}2912C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008801Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:04:11.971{C36AC009-D43B-65EF-A71B-000000005403}4864C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008800Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:04:08.977{C36AC009-D438-65EF-A61B-000000005403}3868C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008799Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:04:08.227{C36AC009-D438-65EF-A51B-000000005403}360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008798Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:04:07.486{C36AC009-D437-65EF-A41B-000000005403}2820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008797Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:04:06.751{C36AC009-D436-65EF-A31B-000000005403}4404C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008796Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:04:05.986{C36AC009-D435-65EF-A21B-000000005403}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008795Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:03:08.946{C36AC009-D3FC-65EF-A11B-000000005403}3748C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008794Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:03:08.180{C36AC009-D3FC-65EF-A01B-000000005403}4624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008793Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:03:07.428{C36AC009-D3FB-65EF-9F1B-000000005403}2444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008792Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:03:06.738{C36AC009-D3FA-65EF-9E1B-000000005403}944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008791Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:03:05.985{C36AC009-D3F9-65EF-9D1B-000000005403}4800C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008790Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:02:08.994{C36AC009-D3C0-65EF-9C1B-000000005403}4256C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008789Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:02:08.238{C36AC009-D3C0-65EF-9B1B-000000005403}4272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008788Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:02:07.492{C36AC009-D3BF-65EF-9A1B-000000005403}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008787Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:02:06.737{C36AC009-D3BE-65EF-991B-000000005403}3052C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008786Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:02:05.981{C36AC009-D3BD-65EF-981B-000000005403}2080C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008785Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:01:08.901{C36AC009-D384-65EF-971B-000000005403}3656C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008784Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:01:08.241{C36AC009-D384-65EF-961B-000000005403}2376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008783Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:01:07.499{C36AC009-D383-65EF-951B-000000005403}4644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008782Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:01:06.733{C36AC009-D382-65EF-941B-000000005403}4544C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008781Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:01:05.966{C36AC009-D381-65EF-931B-000000005403}2940C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008780Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:00:08.885{C36AC009-D348-65EF-921B-000000005403}3768C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008779Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:00:08.116{C36AC009-D348-65EF-911B-000000005403}1504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008778Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:00:07.366{C36AC009-D347-65EF-901B-000000005403}184C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008777Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:00:06.700{C36AC009-D346-65EF-8F1B-000000005403}4712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008776Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 04:00:05.945{C36AC009-D345-65EF-8E1B-000000005403}2196C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008775Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:59:12.100{C36AC009-D310-65EF-8D1B-000000005403}2300C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008774Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:59:12.060{C36AC009-D310-65EF-8C1B-000000005403}4916C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008773Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:59:12.023{C36AC009-D310-65EF-8B1B-000000005403}4824C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008772Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:59:11.958{C36AC009-D30F-65EF-891B-000000005403}2152C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008771Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:59:08.860{C36AC009-D30C-65EF-881B-000000005403}308C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008770Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:59:08.095{C36AC009-D30C-65EF-871B-000000005403}3788C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008769Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:59:07.341{C36AC009-D30B-65EF-861B-000000005403}3400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008768Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:59:06.695{C36AC009-D30A-65EF-851B-000000005403}2272C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008767Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:59:05.940{C36AC009-D309-65EF-841B-000000005403}3784C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008766Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:58:08.957{C36AC009-D2D0-65EF-831B-000000005403}4960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008765Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:58:08.201{C36AC009-D2D0-65EF-821B-000000005403}1868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008764Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:58:07.451{C36AC009-D2CF-65EF-811B-000000005403}3820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008763Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:58:06.696{C36AC009-D2CE-65EF-801B-000000005403}4924C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008762Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:58:05.938{C36AC009-D2CD-65EF-7F1B-000000005403}4588C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008761Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:57:08.955{C36AC009-D294-65EF-7E1B-000000005403}3288C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008760Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:57:08.199{C36AC009-D294-65EF-7D1B-000000005403}2100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008759Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:57:07.443{C36AC009-D293-65EF-7C1B-000000005403}2500C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008758Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:57:06.693{C36AC009-D292-65EF-7B1B-000000005403}4060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008757Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:57:05.931{C36AC009-D291-65EF-7A1B-000000005403}3436C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008756Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:56:08.947{C36AC009-D258-65EF-791B-000000005403}4496C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008755Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:56:08.190{C36AC009-D258-65EF-781B-000000005403}4384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008754Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:56:07.440{C36AC009-D257-65EF-771B-000000005403}4772C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008753Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:56:06.684{C36AC009-D256-65EF-761B-000000005403}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008752Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:56:05.919{C36AC009-D255-65EF-751B-000000005403}2168C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008751Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:55:08.834{C36AC009-D21C-65EF-741B-000000005403}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008750Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:55:08.092{C36AC009-D21C-65EF-731B-000000005403}1412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008749Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:55:07.335{C36AC009-D21B-65EF-721B-000000005403}3524C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008748Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:55:06.663{C36AC009-D21A-65EF-711B-000000005403}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008747Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:55:05.895{C36AC009-D219-65EF-701B-000000005403}4236C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008746Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:54:12.089{C36AC009-D1E4-65EF-6F1B-000000005403}4100C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008745Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:54:12.049{C36AC009-D1E4-65EF-6E1B-000000005403}840C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008744Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:54:12.012{C36AC009-D1E4-65EF-6D1B-000000005403}3188C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008743Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:54:11.947{C36AC009-D1E3-65EF-6B1B-000000005403}3004C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008742Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:54:08.916{C36AC009-D1E0-65EF-6A1B-000000005403}4892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008741Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:54:08.162{C36AC009-D1E0-65EF-691B-000000005403}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008740Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:54:07.404{C36AC009-D1DF-65EF-681B-000000005403}4608C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008739Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:54:06.646{C36AC009-D1DE-65EF-671B-000000005403}4736C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008738Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:54:05.880{C36AC009-D1DD-65EF-661B-000000005403}4864C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008737Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:53:08.920{C36AC009-D1A4-65EF-651B-000000005403}3040C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008736Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:53:08.153{C36AC009-D1A4-65EF-641B-000000005403}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008735Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:53:07.387{C36AC009-D1A3-65EF-631B-000000005403}184C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008734Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:53:06.629{C36AC009-D1A2-65EF-621B-000000005403}4712C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008733Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:53:05.886{C36AC009-D1A1-65EF-611B-000000005403}2732C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008732Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:52:08.814{C36AC009-D168-65EF-601B-000000005403}2268C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008731Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:52:08.158{C36AC009-D168-65EF-5F1B-000000005403}4788C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008730Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:52:07.408{C36AC009-D167-65EF-5E1B-000000005403}3848C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008729Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:52:06.642{C36AC009-D166-65EF-5D1B-000000005403}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008728Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:52:05.891{C36AC009-D165-65EF-5C1B-000000005403}3264C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008727Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:51:08.930{C36AC009-D12C-65EF-5B1B-000000005403}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008726Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:51:08.165{C36AC009-D12C-65EF-5A1B-000000005403}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008725Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:51:07.399{C36AC009-D12B-65EF-591B-000000005403}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008724Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:51:06.640{C36AC009-D12A-65EF-581B-000000005403}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008723Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:51:05.880{C36AC009-D129-65EF-571B-000000005403}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008722Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:50:08.915{C36AC009-D0F0-65EF-561B-000000005403}604C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008721Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:50:08.155{C36AC009-D0F0-65EF-551B-000000005403}1476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008720Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:50:07.396{C36AC009-D0EF-65EF-541B-000000005403}4324C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008719Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:50:06.636{C36AC009-D0EE-65EF-531B-000000005403}4872C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008718Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:50:05.876{C36AC009-D0ED-65EF-521B-000000005403}3116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008717Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:49:12.073{C36AC009-D0B8-65EF-511B-000000005403}4468C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008716Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:49:12.034{C36AC009-D0B8-65EF-501B-000000005403}368C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008715Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:49:11.997{C36AC009-D0B7-65EF-4F1B-000000005403}5000C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008714Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:49:11.933{C36AC009-D0B7-65EF-4D1B-000000005403}2980C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008713Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:49:08.839{C36AC009-D0B4-65EF-4C1B-000000005403}3396C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008712Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:49:08.078{C36AC009-D0B4-65EF-4B1B-000000005403}4244C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008711Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:49:07.323{C36AC009-D0B3-65EF-4A1B-000000005403}508C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008710Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:49:06.635{C36AC009-D0B2-65EF-491B-000000005403}3352C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008709Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:49:05.874{C36AC009-D0B1-65EF-481B-000000005403}1540C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008708Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:48:08.912{C36AC009-D078-65EF-471B-000000005403}2900C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008707Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:48:08.150{C36AC009-D078-65EF-461B-000000005403}4732C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008706Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:48:07.385{C36AC009-D077-65EF-451B-000000005403}3624C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008705Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:48:06.623{C36AC009-D076-65EF-441B-000000005403}1756C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008704Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:48:05.862{C36AC009-D075-65EF-431B-000000005403}4464C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008703Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:47:08.747{C36AC009-D03C-65EF-421B-000000005403}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008702Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:47:08.125{C36AC009-D03C-65EF-411B-000000005403}2992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008701Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:47:07.378{C36AC009-D03B-65EF-401B-000000005403}2476C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008700Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:47:06.616{C36AC009-D03A-65EF-3F1B-000000005403}2944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008699Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:47:05.854{C36AC009-D039-65EF-3E1B-000000005403}2308C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008698Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:46:08.808{C36AC009-D000-65EF-3D1B-000000005403}4952C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008697Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:46:08.033{C36AC009-D000-65EF-3C1B-000000005403}4168C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008696Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:46:07.267{C36AC009-CFFF-65EF-3B1B-000000005403}2996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008695Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:46:06.594{C36AC009-CFFE-65EF-3A1B-000000005403}4928C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008694Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:46:05.831{C36AC009-CFFD-65EF-391B-000000005403}4544C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008693Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:45:08.847{C36AC009-CFC4-65EF-381B-000000005403}4812C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008692Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:45:08.081{C36AC009-CFC4-65EF-371B-000000005403}1004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008691Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:45:07.331{C36AC009-CFC3-65EF-361B-000000005403}4920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008690Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:45:06.570{C36AC009-CFC2-65EF-351B-000000005403}768C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008689Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:45:05.820{C36AC009-CFC1-65EF-341B-000000005403}3104C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008688Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:44:12.070{C36AC009-CF8C-65EF-331B-000000005403}3820C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008687Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:44:12.030{C36AC009-CF8C-65EF-321B-000000005403}1796C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008686Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:44:11.993{C36AC009-CF8B-65EF-311B-000000005403}4460C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008685Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:44:11.929{C36AC009-CF8B-65EF-2F1B-000000005403}4260C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008684Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:44:08.866{C36AC009-CF88-65EF-2E1B-000000005403}1776C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008683Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:44:08.118{C36AC009-CF88-65EF-2D1B-000000005403}3392C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008682Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:44:07.353{C36AC009-CF87-65EF-2C1B-000000005403}4212C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008681Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:44:06.584{C36AC009-CF86-65EF-2B1B-000000005403}2504C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008680Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:44:05.822{C36AC009-CF85-65EF-2A1B-000000005403}4112C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008679Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:43:08.833{C36AC009-CF4C-65EF-291B-000000005403}4588C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008678Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:43:08.083{C36AC009-CF4C-65EF-281B-000000005403}184C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008677Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:43:07.319{C36AC009-CF4B-65EF-271B-000000005403}4800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008676Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:43:06.562{C36AC009-CF4A-65EF-261B-000000005403}1400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008675Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:43:05.812{C36AC009-CF49-65EF-251B-000000005403}2808C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008674Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:42:08.843{C36AC009-CF10-65EF-241B-000000005403}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008673Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:42:08.078{C36AC009-CF10-65EF-231B-000000005403}3052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008672Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:42:07.313{C36AC009-CF0F-65EF-221B-000000005403}308C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008671Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:42:06.563{C36AC009-CF0E-65EF-211B-000000005403}4100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008670Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:42:05.807{C36AC009-CF0D-65EF-201B-000000005403}840C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008669Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:41:08.822{C36AC009-CED4-65EF-1F1B-000000005403}4548C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008668Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:41:08.072{C36AC009-CED4-65EF-1E1B-000000005403}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008667Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:41:07.307{C36AC009-CED3-65EF-1D1B-000000005403}3372C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008666Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:41:06.541{C36AC009-CED2-65EF-1C1B-000000005403}436C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008665Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:41:05.786{C36AC009-CED1-65EF-1B1B-000000005403}4792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008664Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:40:08.730{C36AC009-CE98-65EF-1A1B-000000005403}2376C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008663Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:40:07.963{C36AC009-CE97-65EF-191B-000000005403}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008662Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:40:07.214{C36AC009-CE97-65EF-181B-000000005403}3160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008661Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:40:06.556{C36AC009-CE96-65EF-171B-000000005403}3524C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008660Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:40:05.790{C36AC009-CE95-65EF-161B-000000005403}4872C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008659Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:39:12.053{C36AC009-CE60-65EF-151B-000000005403}4984C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008658Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:39:12.015{C36AC009-CE60-65EF-141B-000000005403}4468C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008657Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:39:11.978{C36AC009-CE5F-65EF-131B-000000005403}92C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008656Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:39:11.914{C36AC009-CE5F-65EF-111B-000000005403}2416C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008655Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:39:08.685{C36AC009-CE5C-65EF-101B-000000005403}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008654Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:39:08.059{C36AC009-CE5C-65EF-0F1B-000000005403}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008653Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:39:07.293{C36AC009-CE5B-65EF-0E1B-000000005403}2812C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008652Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:39:06.542{C36AC009-CE5A-65EF-0D1B-000000005403}1776C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008651Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:39:05.790{C36AC009-CE59-65EF-0C1B-000000005403}5012C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008650Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:38:08.666{C36AC009-CE20-65EF-0B1B-000000005403}4400C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008649Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:38:08.056{C36AC009-CE20-65EF-0A1B-000000005403}4996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008648Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:38:07.288{C36AC009-CE1F-65EF-091B-000000005403}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008647Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:38:06.536{C36AC009-CE1E-65EF-081B-000000005403}2336C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008646Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:38:05.786{C36AC009-CE1D-65EF-071B-000000005403}2196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008645Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:37:08.815{C36AC009-CDE4-65EF-061B-000000005403}4836C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008644Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:37:08.061{C36AC009-CDE4-65EF-051B-000000005403}308C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008643Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:37:07.311{C36AC009-CDE3-65EF-041B-000000005403}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008642Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:37:06.543{C36AC009-CDE2-65EF-031B-000000005403}840C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008641Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:37:05.791{C36AC009-CDE1-65EF-021B-000000005403}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008640Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:36:08.706{C36AC009-CDA8-65EF-011B-000000005403}3352C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008639Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:36:08.063{C36AC009-CDA8-65EF-001B-000000005403}2200C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008638Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:36:07.297{C36AC009-CDA7-65EF-FF1A-000000005403}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008637Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:36:06.544{C36AC009-CDA6-65EF-FE1A-000000005403}4576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008636Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:36:05.791{C36AC009-CDA5-65EF-FD1A-000000005403}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008635Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:35:08.691{C36AC009-CD6C-65EF-FC1A-000000005403}3776C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008634Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:35:08.051{C36AC009-CD6C-65EF-FB1A-000000005403}2124C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008633Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:35:07.281{C36AC009-CD6B-65EF-FA1A-000000005403}4948C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008632Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:35:06.528{C36AC009-CD6A-65EF-F91A-000000005403}1004C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008631Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:35:05.778{C36AC009-CD69-65EF-F81A-000000005403}3524C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008630Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:34:12.043{C36AC009-CD34-65EF-F71A-000000005403}892C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008629Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:34:12.004{C36AC009-CD34-65EF-F61A-000000005403}912C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008628Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:34:11.968{C36AC009-CD33-65EF-F51A-000000005403}4628C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008627Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:34:11.904{C36AC009-CD33-65EF-F31A-000000005403}5032C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008626Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:34:08.671{C36AC009-CD30-65EF-F21A-000000005403}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008625Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:34:08.057{C36AC009-CD30-65EF-F11A-000000005403}2012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008624Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:34:07.303{C36AC009-CD2F-65EF-F01A-000000005403}4260C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008623Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:34:06.538{C36AC009-CD2E-65EF-EF1A-000000005403}4180C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008622Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:34:05.783{C36AC009-CD2D-65EF-EE1A-000000005403}4888C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008621Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:33:08.633{C36AC009-CCF4-65EF-ED1A-000000005403}1604C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008620Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:33:08.035{C36AC009-CCF4-65EF-EC1A-000000005403}4400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008619Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:33:07.280{C36AC009-CCF3-65EF-EB1A-000000005403}2348C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008618Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:33:06.530{C36AC009-CCF2-65EF-EA1A-000000005403}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008617Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:33:05.775{C36AC009-CCF1-65EF-E91A-000000005403}3056C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008616Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:32:08.651{C36AC009-CCB8-65EF-E81A-000000005403}2736C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008615Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:32:08.057{C36AC009-CCB8-65EF-E71A-000000005403}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008614Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:32:07.291{C36AC009-CCB7-65EF-E61A-000000005403}4620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008613Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:32:06.540{C36AC009-CCB6-65EF-E51A-000000005403}5076C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008612Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:32:05.774{C36AC009-CCB5-65EF-E41A-000000005403}3436C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008611Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:31:08.708{C36AC009-CC7C-65EF-E31A-000000005403}3684C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008610Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:31:07.952{C36AC009-CC7B-65EF-E21A-000000005403}3420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008609Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:31:07.212{C36AC009-CC7B-65EF-E11A-000000005403}3556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008608Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:31:06.524{C36AC009-CC7A-65EF-E01A-000000005403}4608C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008607Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:31:05.768{C36AC009-CC79-65EF-DF1A-000000005403}1040C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008606Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:30:08.782{C36AC009-CC40-65EF-DE1A-000000005403}2900C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008605Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:30:08.032{C36AC009-CC40-65EF-DD1A-000000005403}4220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008604Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:30:07.282{C36AC009-CC3F-65EF-DC1A-000000005403}2352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008603Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:30:06.530{C36AC009-CC3E-65EF-DB1A-000000005403}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008602Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:30:05.765{C36AC009-CC3D-65EF-DA1A-000000005403}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008601Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:29:12.033{C36AC009-CC08-65EF-D91A-000000005403}4288C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008600Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:29:11.994{C36AC009-CC07-65EF-D81A-000000005403}5076C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008599Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:29:11.958{C36AC009-CC07-65EF-D71A-000000005403}3436C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008598Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:29:11.893{C36AC009-CC07-65EF-D51A-000000005403}4536C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008597Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:29:08.789{C36AC009-CC04-65EF-D41A-000000005403}3264C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008596Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:29:08.032{C36AC009-CC04-65EF-D31A-000000005403}3520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008595Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:29:07.266{C36AC009-CC03-65EF-D21A-000000005403}4984C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008594Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:29:06.509{C36AC009-CC02-65EF-D11A-000000005403}4916C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008593Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:29:05.752{C36AC009-CC01-65EF-D01A-000000005403}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008592Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:28:08.771{C36AC009-CBC8-65EF-CF1A-000000005403}1580C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008591Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:28:08.005{C36AC009-CBC8-65EF-CE1A-000000005403}3456C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008590Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:28:07.257{C36AC009-CBC7-65EF-CD1A-000000005403}3812C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008589Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:28:06.506{C36AC009-CBC6-65EF-CC1A-000000005403}2660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008588Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:28:05.740{C36AC009-CBC5-65EF-CB1A-000000005403}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008587Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:27:08.763{C36AC009-CB8C-65EF-CA1A-000000005403}4632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008586Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:27:08.004{C36AC009-CB8C-65EF-C91A-000000005403}4140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008585Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:27:07.246{C36AC009-CB8B-65EF-C81A-000000005403}2668C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008584Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:27:06.480{C36AC009-CB8A-65EF-C71A-000000005403}3052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008583Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:27:05.722{C36AC009-CB89-65EF-C61A-000000005403}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008582Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:26:08.782{C36AC009-CB50-65EF-C51A-000000005403}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008581Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:26:08.010{C36AC009-CB50-65EF-C41A-000000005403}2808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008580Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:26:07.244{C36AC009-CB4F-65EF-C31A-000000005403}4796C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008579Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:26:06.478{C36AC009-CB4E-65EF-C21A-000000005403}4460C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008578Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:26:05.710{C36AC009-CB4D-65EF-C11A-000000005403}4940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008577Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:25:08.692{C36AC009-CB14-65EF-C01A-000000005403}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008576Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:25:07.973{C36AC009-CB13-65EF-BF1A-000000005403}4232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008575Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:25:07.213{C36AC009-CB13-65EF-BE1A-000000005403}3868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008574Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:25:06.453{C36AC009-CB12-65EF-BD1A-000000005403}4924C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008573Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:25:05.703{C36AC009-CB11-65EF-BC1A-000000005403}2620C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008572Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:24:12.023{C36AC009-CADC-65EF-BB1A-000000005403}4828C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008571Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:24:11.983{C36AC009-CADB-65EF-BA1A-000000005403}2908C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008570Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:24:11.946{C36AC009-CADB-65EF-B91A-000000005403}2736C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008569Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:24:11.881{C36AC009-CADB-65EF-B71A-000000005403}4512C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008568Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:24:08.570{C36AC009-CAD8-65EF-B61A-000000005403}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008567Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:24:07.981{C36AC009-CAD7-65EF-B51A-000000005403}3060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008566Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:24:07.216{C36AC009-CAD7-65EF-B41A-000000005403}4584C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008565Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:24:06.455{C36AC009-CAD6-65EF-B31A-000000005403}4716C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008564Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:24:05.695{C36AC009-CAD5-65EF-B21A-000000005403}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008563Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:23:08.645{C36AC009-CA9C-65EF-B11A-000000005403}4180C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008562Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:23:07.884{C36AC009-CA9B-65EF-B01A-000000005403}3660C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008561Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:23:07.123{C36AC009-CA9B-65EF-AF1A-000000005403}4244C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008560Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:23:06.451{C36AC009-CA9A-65EF-AE1A-000000005403}4124C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008559Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:23:05.690{C36AC009-CA99-65EF-AD1A-000000005403}5064C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008558Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:22:08.684{C36AC009-CA60-65EF-AC1A-000000005403}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008557Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:22:07.986{C36AC009-CA5F-65EF-AB1A-000000005403}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008556Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:22:07.220{C36AC009-CA5F-65EF-AA1A-000000005403}1412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008555Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:22:06.443{C36AC009-CA5E-65EF-A91A-000000005403}604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008554Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:22:05.681{C36AC009-CA5D-65EF-A81A-000000005403}5084C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008553Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:21:08.638{C36AC009-CA24-65EF-A71A-000000005403}1180C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008552Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:21:07.879{C36AC009-CA23-65EF-A61A-000000005403}308C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008551Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:21:07.125{C36AC009-CA23-65EF-A51A-000000005403}5056C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008550Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:21:06.443{C36AC009-CA22-65EF-A41A-000000005403}2944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008549Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:21:05.681{C36AC009-CA21-65EF-A31A-000000005403}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008548Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:20:08.601{C36AC009-C9E8-65EF-A21A-000000005403}208C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008547Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:20:07.851{C36AC009-C9E7-65EF-A11A-000000005403}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008546Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:20:07.089{C36AC009-C9E7-65EF-A01A-000000005403}4228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008545Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:20:06.438{C36AC009-C9E6-65EF-9F1A-000000005403}1952C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008544Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:20:05.680{C36AC009-C9E5-65EF-9E1A-000000005403}2336C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008543Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:19:12.012{C36AC009-C9B0-65EF-9D1A-000000005403}4976C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008542Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:19:11.973{C36AC009-C9AF-65EF-9C1A-000000005403}3052C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008541Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:19:11.938{C36AC009-C9AF-65EF-9B1A-000000005403}3592C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008540Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:19:11.872{C36AC009-C9AF-65EF-991A-000000005403}2828C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008539Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:19:08.693{C36AC009-C9AC-65EF-981A-000000005403}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008538Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:19:07.943{C36AC009-C9AB-65EF-971A-000000005403}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008537Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:19:07.183{C36AC009-C9AB-65EF-961A-000000005403}3784C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008536Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:19:06.433{C36AC009-C9AA-65EF-951A-000000005403}1120C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008535Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:19:05.667{C36AC009-C9A9-65EF-941A-000000005403}1140C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008534Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:18:08.520{C36AC009-C970-65EF-931A-000000005403}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008533Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:18:07.925{C36AC009-C96F-65EF-921A-000000005403}3656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008532Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:18:07.162{C36AC009-C96F-65EF-911A-000000005403}4168C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008531Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:18:06.398{C36AC009-C96E-65EF-901A-000000005403}1016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008530Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:18:05.648{C36AC009-C96D-65EF-8F1A-000000005403}2156C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008529Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:17:08.671{C36AC009-C934-65EF-8E1A-000000005403}3876C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008528Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:17:07.907{C36AC009-C933-65EF-8D1A-000000005403}1132C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008527Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:17:07.142{C36AC009-C933-65EF-8C1A-000000005403}4820C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008526Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:17:06.408{C36AC009-C932-65EF-8B1A-000000005403}2904C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008525Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:17:05.644{C36AC009-C931-65EF-8A1A-000000005403}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008524Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:16:08.705{C36AC009-C8F8-65EF-891A-000000005403}368C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008523Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:16:07.940{C36AC009-C8F7-65EF-881A-000000005403}5068C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008522Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:16:07.175{C36AC009-C8F7-65EF-871A-000000005403}2044C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008521Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:16:06.409{C36AC009-C8F6-65EF-861A-000000005403}5032C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008520Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:16:05.644{C36AC009-C8F5-65EF-851A-000000005403}4256C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008519Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:15:08.692{C36AC009-C8BC-65EF-841A-000000005403}944C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008518Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:15:07.942{C36AC009-C8BB-65EF-831A-000000005403}2672C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008517Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:15:07.176{C36AC009-C8BB-65EF-821A-000000005403}3036C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008516Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:15:06.410{C36AC009-C8BA-65EF-811A-000000005403}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008515Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:15:05.645{C36AC009-C8B9-65EF-801A-000000005403}4744C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008514Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:14:11.997{C36AC009-C883-65EF-7F1A-000000005403}4348C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008513Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:14:11.958{C36AC009-C883-65EF-7E1A-000000005403}5088C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008512Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:14:11.922{C36AC009-C883-65EF-7D1A-000000005403}1576C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008511Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:14:11.858{C36AC009-C883-65EF-7B1A-000000005403}4584C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008510Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:14:08.529{C36AC009-C880-65EF-7A1A-000000005403}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008509Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:14:07.778{C36AC009-C87F-65EF-791A-000000005403}1056C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008508Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:14:07.029{C36AC009-C87F-65EF-781A-000000005403}3460C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008507Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:14:06.402{C36AC009-C87E-65EF-771A-000000005403}3748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008506Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:14:05.636{C36AC009-C87D-65EF-761A-000000005403}892C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008505Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:13:08.496{C36AC009-C844-65EF-751A-000000005403}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008504Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:13:07.745{C36AC009-C843-65EF-741A-000000005403}4524C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008503Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:13:06.994{C36AC009-C842-65EF-731A-000000005403}4588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008502Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:13:06.369{C36AC009-C842-65EF-721A-000000005403}944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008501Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:13:05.618{C36AC009-C841-65EF-711A-000000005403}3624C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008500Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:12:08.630{C36AC009-C808-65EF-701A-000000005403}3988C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008499Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:12:07.880{C36AC009-C807-65EF-6F1A-000000005403}1876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008498Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:12:07.129{C36AC009-C807-65EF-6E1A-000000005403}3152C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008497Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:12:06.378{C36AC009-C806-65EF-6D1A-000000005403}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008496Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:12:05.627{C36AC009-C805-65EF-6C1A-000000005403}948C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008495Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:11:08.540{C36AC009-C7CC-65EF-6B1A-000000005403}5032C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008494Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:11:07.863{C36AC009-C7CB-65EF-6A1A-000000005403}4764C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008493Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:11:07.113{C36AC009-C7CB-65EF-691A-000000005403}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008492Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:11:06.363{C36AC009-C7CA-65EF-681A-000000005403}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008491Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:11:05.608{C36AC009-C7C9-65EF-671A-000000005403}4576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008490Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:10:08.613{C36AC009-C790-65EF-661A-000000005403}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008489Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:10:07.863{C36AC009-C78F-65EF-651A-000000005403}3100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008488Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:10:07.110{C36AC009-C78F-65EF-641A-000000005403}1376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008487Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:10:06.357{C36AC009-C78E-65EF-631A-000000005403}4640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008486Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:10:05.591{C36AC009-C78D-65EF-621A-000000005403}4300C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008485Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:09:11.997{C36AC009-C757-65EF-611A-000000005403}1476C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008484Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:09:11.958{C36AC009-C757-65EF-601A-000000005403}4408C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008483Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:09:11.923{C36AC009-C757-65EF-5F1A-000000005403}3780C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008482Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:09:11.858{C36AC009-C757-65EF-5D1A-000000005403}3264C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008481Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:09:08.542{C36AC009-C754-65EF-5C1A-000000005403}2100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008480Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:09:07.839{C36AC009-C753-65EF-5B1A-000000005403}4396C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008479Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:09:07.085{C36AC009-C753-65EF-5A1A-000000005403}1796C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008478Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:09:06.332{C36AC009-C752-65EF-591A-000000005403}2184C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008477Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:09:05.578{C36AC009-C751-65EF-581A-000000005403}1868C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008476Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:08:08.413{C36AC009-C718-65EF-571A-000000005403}3368C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008475Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:08:07.659{C36AC009-C717-65EF-561A-000000005403}528C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008474Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:08:06.909{C36AC009-C716-65EF-551A-000000005403}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008473Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:08:06.310{C36AC009-C716-65EF-541A-000000005403}764C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008472Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:08:05.556{C36AC009-C715-65EF-531A-000000005403}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008471Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:07:08.489{C36AC009-C6DC-65EF-501A-000000005403}3836C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008470Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:07:07.817{C36AC009-C6DB-65EF-4F1A-000000005403}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008469Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:07:07.067{C36AC009-C6DB-65EF-4E1A-000000005403}4844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008468Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:07:06.307{C36AC009-C6DA-65EF-4D1A-000000005403}2620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008467Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:07:05.557{C36AC009-C6D9-65EF-4C1A-000000005403}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008466Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:06:08.568{C36AC009-C6A0-65EF-4B1A-000000005403}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008465Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:06:07.828{C36AC009-C69F-65EF-4A1A-000000005403}4168C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008464Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:06:07.078{C36AC009-C69F-65EF-491A-000000005403}380C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008463Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:06:06.322{C36AC009-C69E-65EF-481A-000000005403}136C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008462Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:06:05.567{C36AC009-C69D-65EF-471A-000000005403}4228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008461Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:05:08.560{C36AC009-C664-65EF-461A-000000005403}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008460Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:05:07.809{C36AC009-C663-65EF-451A-000000005403}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008459Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:05:07.054{C36AC009-C663-65EF-441A-000000005403}3360C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008458Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:05:06.315{C36AC009-C662-65EF-431A-000000005403}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008457Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:05:05.563{C36AC009-C661-65EF-421A-000000005403}212C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008456Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:04:11.985{C36AC009-C62B-65EF-411A-000000005403}2424C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008455Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:04:11.946{C36AC009-C62B-65EF-401A-000000005403}1336C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008454Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:04:11.911{C36AC009-C62B-65EF-3F1A-000000005403}4176C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008453Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:04:11.846{C36AC009-C62B-65EF-3D1A-000000005403}4556C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008452Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:04:08.453{C36AC009-C628-65EF-3C1A-000000005403}4184C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008451Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:04:07.688{C36AC009-C627-65EF-3B1A-000000005403}1020C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008450Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:04:06.940{C36AC009-C626-65EF-3A1A-000000005403}3772C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008449Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:04:06.315{C36AC009-C626-65EF-391A-000000005403}4256C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008448Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:04:05.565{C36AC009-C625-65EF-381A-000000005403}3572C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008447Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:03:08.588{C36AC009-C5EC-65EF-371A-000000005403}1820C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008446Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:03:07.823{C36AC009-C5EB-65EF-361A-000000005403}856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008445Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:03:07.073{C36AC009-C5EB-65EF-351A-000000005403}4744C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008444Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:03:06.308{C36AC009-C5EA-65EF-341A-000000005403}1952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008443Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:03:05.543{C36AC009-C5E9-65EF-331A-000000005403}328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008442Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:02:08.465{C36AC009-C5B0-65EF-321A-000000005403}4836C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008441Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:02:07.707{C36AC009-C5AF-65EF-311A-000000005403}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008440Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:02:06.949{C36AC009-C5AE-65EF-301A-000000005403}1180C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008439Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:02:06.293{C36AC009-C5AE-65EF-2F1A-000000005403}3972C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008438Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:02:05.535{C36AC009-C5AD-65EF-2E1A-000000005403}2456C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008437Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:01:08.554{C36AC009-C574-65EF-2D1A-000000005403}4764C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008436Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:01:07.811{C36AC009-C573-65EF-2C1A-000000005403}4280C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008435Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:01:07.046{C36AC009-C573-65EF-2B1A-000000005403}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008434Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:01:06.287{C36AC009-C572-65EF-2A1A-000000005403}3456C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008433Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:01:05.529{C36AC009-C571-65EF-291A-000000005403}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008432Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:00:08.562{C36AC009-C538-65EF-281A-000000005403}1976C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008431Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:00:07.803{C36AC009-C537-65EF-271A-000000005403}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008430Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:00:07.043{C36AC009-C537-65EF-261A-000000005403}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008429Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:00:06.293{C36AC009-C536-65EF-251A-000000005403}2300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008428Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 03:00:05.518{C36AC009-C535-65EF-241A-000000005403}2444C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008427Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:59:11.984{C36AC009-C4FF-65EF-231A-000000005403}3972C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008426Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:59:11.944{C36AC009-C4FF-65EF-221A-000000005403}2456C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008425Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:59:11.907{C36AC009-C4FF-65EF-211A-000000005403}3788C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008424Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:59:11.842{C36AC009-C4FF-65EF-1F1A-000000005403}3188C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008423Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:59:08.536{C36AC009-C4FC-65EF-1E1A-000000005403}2424C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008422Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:59:07.776{C36AC009-C4FB-65EF-1D1A-000000005403}2088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008421Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:59:07.026{C36AC009-C4FB-65EF-1C1A-000000005403}4392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008420Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:59:06.266{C36AC009-C4FA-65EF-1B1A-000000005403}368C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008419Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:59:05.506{C36AC009-C4F9-65EF-1A1A-000000005403}5068C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008418Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:58:08.448{C36AC009-C4C0-65EF-191A-000000005403}5108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008417Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:58:07.781{C36AC009-C4BF-65EF-181A-000000005403}2352C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008416Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:58:07.020{C36AC009-C4BF-65EF-171A-000000005403}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008415Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:58:06.254{C36AC009-C4BE-65EF-161A-000000005403}1984C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008414Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:58:05.494{C36AC009-C4BD-65EF-151A-000000005403}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008413Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:57:08.534{C36AC009-C484-65EF-141A-000000005403}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008412Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:57:07.789{C36AC009-C483-65EF-131A-000000005403}948C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008411Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:57:07.028{C36AC009-C483-65EF-121A-000000005403}3784C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008410Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:57:06.262{C36AC009-C482-65EF-111A-000000005403}4136C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008409Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:57:05.497{C36AC009-C481-65EF-101A-000000005403}3740C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008408Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:56:08.486{C36AC009-C448-65EF-0F1A-000000005403}592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008407Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:56:07.735{C36AC009-C447-65EF-0E1A-000000005403}4196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008406Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:56:06.983{C36AC009-C446-65EF-0D1A-000000005403}2520C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008405Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:56:06.233{C36AC009-C446-65EF-0C1A-000000005403}92C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008404Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:56:05.476{C36AC009-C445-65EF-0B1A-000000005403}4384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008403Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:55:08.483{C36AC009-C40C-65EF-0A1A-000000005403}1088C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008402Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:55:07.733{C36AC009-C40B-65EF-091A-000000005403}3192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008401Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:55:06.974{C36AC009-C40A-65EF-081A-000000005403}1412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008400Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:55:06.212{C36AC009-C40A-65EF-071A-000000005403}2668C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008399Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:55:05.462{C36AC009-C409-65EF-061A-000000005403}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008398Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:54:11.979{C36AC009-C3D3-65EF-051A-000000005403}2080C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008397Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:54:11.938{C36AC009-C3D3-65EF-041A-000000005403}3836C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008396Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:54:11.902{C36AC009-C3D3-65EF-031A-000000005403}3740C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008395Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:54:11.836{C36AC009-C3D3-65EF-011A-000000005403}2476C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008394Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:54:08.499{C36AC009-C3D0-65EF-001A-000000005403}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008393Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:54:07.749{C36AC009-C3CF-65EF-FF19-000000005403}1500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008392Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:54:06.989{C36AC009-C3CE-65EF-FE19-000000005403}4720C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008391Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:54:06.226{C36AC009-C3CE-65EF-FD19-000000005403}2944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008390Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:54:05.463{C36AC009-C3CD-65EF-FC19-000000005403}3288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008389Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:53:08.455{C36AC009-C394-65EF-FB19-000000005403}3420C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008388Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:53:07.738{C36AC009-C393-65EF-FA19-000000005403}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008387Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:53:06.988{C36AC009-C392-65EF-F919-000000005403}3868C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008386Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:53:06.227{C36AC009-C392-65EF-F819-000000005403}136C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008385Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:53:05.461{C36AC009-C391-65EF-F719-000000005403}5108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008384Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:52:08.513{C36AC009-C358-65EF-F619-000000005403}2104C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008383Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:52:07.763{C36AC009-C357-65EF-F519-000000005403}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008382Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:52:06.998{C36AC009-C356-65EF-F419-000000005403}4260C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008381Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:52:06.219{C36AC009-C356-65EF-F319-000000005403}1876C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008380Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:52:05.455{C36AC009-C355-65EF-F219-000000005403}3540C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008379Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:51:08.356{C36AC009-C31C-65EF-F119-000000005403}2124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008378Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:51:07.608{C36AC009-C31B-65EF-F019-000000005403}3448C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008377Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:51:06.857{C36AC009-C31A-65EF-EF19-000000005403}3036C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008376Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:51:06.217{C36AC009-C31A-65EF-EE19-000000005403}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008375Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:51:05.452{C36AC009-C319-65EF-ED19-000000005403}2884C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008374Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:50:08.312{C36AC009-C2E0-65EF-EC19-000000005403}4732C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008373Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:50:07.562{C36AC009-C2DF-65EF-EB19-000000005403}3744C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008372Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:50:06.812{C36AC009-C2DE-65EF-EA19-000000005403}720C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008371Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:50:06.187{C36AC009-C2DE-65EF-E919-000000005403}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008370Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:50:05.437{C36AC009-C2DD-65EF-E819-000000005403}4888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008369Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:49:11.972{C36AC009-C2A7-65EF-E719-000000005403}4616C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008368Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:49:11.931{C36AC009-C2A7-65EF-E619-000000005403}4620C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008367Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:49:11.893{C36AC009-C2A7-65EF-E519-000000005403}1380C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008366Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:49:11.828{C36AC009-C2A7-65EF-E319-000000005403}5076C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008365Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:49:08.430{C36AC009-C2A4-65EF-E219-000000005403}948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008364Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:49:07.680{C36AC009-C2A3-65EF-E119-000000005403}2268C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008363Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:49:06.930{C36AC009-C2A2-65EF-E019-000000005403}1180C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008362Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:49:06.180{C36AC009-C2A2-65EF-DF19-000000005403}5080C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008361Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:49:05.430{C36AC009-C2A1-65EF-DE19-000000005403}3740C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008360Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:48:08.426{C36AC009-C268-65EF-DD19-000000005403}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008359Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:48:07.676{C36AC009-C267-65EF-DC19-000000005403}3772C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008358Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:48:06.925{C36AC009-C266-65EF-DB19-000000005403}3120C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008357Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:48:06.174{C36AC009-C266-65EF-DA19-000000005403}4344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008356Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:48:05.424{C36AC009-C265-65EF-D919-000000005403}4432C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008355Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:47:08.424{C36AC009-C22C-65EF-D819-000000005403}2084C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008354Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:47:07.674{C36AC009-C22B-65EF-D719-000000005403}3776C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008353Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:47:06.923{C36AC009-C22A-65EF-D619-000000005403}4608C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008352Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:47:06.172{C36AC009-C22A-65EF-D519-000000005403}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008351Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:47:05.406{C36AC009-C229-65EF-D419-000000005403}32C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008350Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:46:08.297{C36AC009-C1F0-65EF-D319-000000005403}308C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008349Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:46:07.531{C36AC009-C1EF-65EF-D219-000000005403}2216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008348Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:46:06.780{C36AC009-C1EE-65EF-D119-000000005403}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008347Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:46:06.154{C36AC009-C1EE-65EF-D019-000000005403}3972C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008346Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:46:05.402{C36AC009-C1ED-65EF-CF19-000000005403}2620C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008345Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:45:08.266{C36AC009-C1B4-65EF-CE19-000000005403}5036C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008344Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:45:07.527{C36AC009-C1B3-65EF-CD19-000000005403}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008343Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:45:06.761{C36AC009-C1B2-65EF-CC19-000000005403}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008342Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:45:06.167{C36AC009-C1B2-65EF-CB19-000000005403}4144C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008341Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:45:05.399{C36AC009-C1B1-65EF-CA19-000000005403}2344C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008340Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:44:11.957{C36AC009-C17B-65EF-C919-000000005403}2668C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008339Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:44:11.919{C36AC009-C17B-65EF-C819-000000005403}2076C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008338Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:44:11.885{C36AC009-C17B-65EF-C719-000000005403}1948C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008337Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:44:11.819{C36AC009-C17B-65EF-C519-000000005403}4828C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008336Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:44:08.401{C36AC009-C178-65EF-C419-000000005403}2172C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008335Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:44:07.648{C36AC009-C177-65EF-C319-000000005403}876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008334Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:44:06.895{C36AC009-C176-65EF-C219-000000005403}4512C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008333Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:44:06.145{C36AC009-C176-65EF-C119-000000005403}3048C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008332Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:44:05.391{C36AC009-C175-65EF-C019-000000005403}1876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008331Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:43:08.304{C36AC009-C13C-65EF-BF19-000000005403}1868C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008330Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:43:07.647{C36AC009-C13B-65EF-BE19-000000005403}364C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008329Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:43:06.893{C36AC009-C13A-65EF-BD19-000000005403}2520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008328Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:43:06.139{C36AC009-C13A-65EF-BC19-000000005403}4180C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008327Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:43:05.374{C36AC009-C139-65EF-BB19-000000005403}4212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008326Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:42:08.258{C36AC009-C100-65EF-BA19-000000005403}208C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008325Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:42:07.651{C36AC009-C0FF-65EF-B919-000000005403}4328C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008324Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:42:06.893{C36AC009-C0FE-65EF-B819-000000005403}4672C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008323Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:42:06.128{C36AC009-C0FE-65EF-B719-000000005403}372C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008322Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:42:05.357{C36AC009-C0FD-65EF-B619-000000005403}1132C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008321Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:41:08.270{C36AC009-C0C4-65EF-B519-000000005403}4956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008320Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:41:07.632{C36AC009-C0C3-65EF-B419-000000005403}4996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008319Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:41:06.864{C36AC009-C0C2-65EF-B319-000000005403}1484C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008318Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:41:06.109{C36AC009-C0C2-65EF-B219-000000005403}2728C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008317Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:41:05.354{C36AC009-C0C1-65EF-B119-000000005403}4960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008316Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:40:08.305{C36AC009-C088-65EF-B019-000000005403}4400C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008315Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:40:07.617{C36AC009-C087-65EF-AF19-000000005403}4228C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008314Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:40:06.860{C36AC009-C086-65EF-AE19-000000005403}1000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008313Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:40:06.103{C36AC009-C086-65EF-AD19-000000005403}2328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008312Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:40:05.349{C36AC009-C085-65EF-AC19-000000005403}2240C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008311Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:39:11.955{C36AC009-C04F-65EF-AB19-000000005403}2300C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008310Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:39:11.916{C36AC009-C04F-65EF-AA19-000000005403}376C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008309Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:39:11.880{C36AC009-C04F-65EF-A919-000000005403}4652C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008308Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:39:11.816{C36AC009-C04F-65EF-A719-000000005403}876C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008307Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:39:08.255{C36AC009-C04C-65EF-A619-000000005403}2888C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008306Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:39:07.614{C36AC009-C04B-65EF-A519-000000005403}3572C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008305Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:39:06.858{C36AC009-C04A-65EF-A419-000000005403}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008304Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:39:06.102{C36AC009-C04A-65EF-A319-000000005403}5076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008303Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:39:05.338{C36AC009-C049-65EF-A219-000000005403}5088C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008302Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:38:08.344{C36AC009-C010-65EF-A119-000000005403}4404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008301Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:38:07.597{C36AC009-C00F-65EF-A019-000000005403}2272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008300Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:38:06.847{C36AC009-C00E-65EF-9F19-000000005403}4340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008299Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:38:06.093{C36AC009-C00E-65EF-9E19-000000005403}4576C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008298Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:38:05.329{C36AC009-C00D-65EF-9D19-000000005403}880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008297Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:37:08.339{C36AC009-BFD4-65EF-9C19-000000005403}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008296Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:37:07.574{C36AC009-BFD3-65EF-9B19-000000005403}4496C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008295Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:37:06.818{C36AC009-BFD2-65EF-9A19-000000005403}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008294Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:37:06.089{C36AC009-BFD2-65EF-9919-000000005403}364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008293Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:37:05.323{C36AC009-BFD1-65EF-9819-000000005403}2676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008292Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:36:08.361{C36AC009-BF98-65EF-9719-000000005403}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008291Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:36:07.611{C36AC009-BF97-65EF-9619-000000005403}4548C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008290Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:36:06.853{C36AC009-BF96-65EF-9519-000000005403}4020C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008289Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:36:06.082{C36AC009-BF96-65EF-9419-000000005403}5068C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008288Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:36:05.324{C36AC009-BF95-65EF-9319-000000005403}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008287Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:35:08.374{C36AC009-BF5C-65EF-9219-000000005403}4736C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008286Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:35:07.609{C36AC009-BF5B-65EF-9119-000000005403}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008285Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:35:06.850{C36AC009-BF5A-65EF-9019-000000005403}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008284Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:35:06.091{C36AC009-BF5A-65EF-8F19-000000005403}1088C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008283Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:35:05.326{C36AC009-BF59-65EF-8E19-000000005403}1460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008282Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:34:11.946{C36AC009-BF23-65EF-8D19-000000005403}876C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008281Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:34:11.905{C36AC009-BF23-65EF-8C19-000000005403}1600C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008280Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:34:11.869{C36AC009-BF23-65EF-8B19-000000005403}3848C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008279Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:34:11.803{C36AC009-BF23-65EF-8919-000000005403}1876C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008278Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:34:08.346{C36AC009-BF20-65EF-8819-000000005403}3060C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008277Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:34:07.587{C36AC009-BF1F-65EF-8719-000000005403}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008276Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:34:06.837{C36AC009-BF1E-65EF-8619-000000005403}3056C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008275Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:34:06.094{C36AC009-BF1E-65EF-8519-000000005403}1008C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008274Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:34:05.335{C36AC009-BF1D-65EF-8419-000000005403}4484C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008273Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:33:08.141{C36AC009-BEE4-65EF-8319-000000005403}4244C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008272Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:33:07.522{C36AC009-BEE3-65EF-8219-000000005403}2936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008271Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:33:06.850{C36AC009-BEE2-65EF-8119-000000005403}136C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008270Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:33:06.091{C36AC009-BEE2-65EF-8019-000000005403}2992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008269Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:33:05.331{C36AC009-BEE1-65EF-7F19-000000005403}4420C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008268Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:32:08.266{C36AC009-BEA8-65EF-7E19-000000005403}664C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008267Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:32:07.516{C36AC009-BEA7-65EF-7D19-000000005403}4808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008266Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:32:06.766{C36AC009-BEA6-65EF-7C19-000000005403}5052C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008265Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:32:06.089{C36AC009-BEA6-65EF-7B19-000000005403}4780C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008264Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:32:05.323{C36AC009-BEA5-65EF-7A19-000000005403}1272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008263Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:31:08.347{C36AC009-BE6C-65EF-7919-000000005403}2080C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008262Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:31:07.581{C36AC009-BE6B-65EF-7819-000000005403}4208C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008261Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:31:06.820{C36AC009-BE6A-65EF-7719-000000005403}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008260Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:31:06.059{C36AC009-BE6A-65EF-7619-000000005403}848C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008259Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:31:05.309{C36AC009-BE69-65EF-7519-000000005403}3160C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008258Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:30:08.364{C36AC009-BE30-65EF-7419-000000005403}3368C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008257Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:30:07.602{C36AC009-BE2F-65EF-7319-000000005403}4736C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008256Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:30:06.840{C36AC009-BE2E-65EF-7219-000000005403}2040C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008255Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:30:06.075{C36AC009-BE2E-65EF-7119-000000005403}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008254Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:30:05.313{C36AC009-BE2D-65EF-7019-000000005403}4668C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008253Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:29:11.938{C36AC009-BDF7-65EF-6F19-000000005403}5032C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008252Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:29:11.898{C36AC009-BDF7-65EF-6E19-000000005403}2956C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008251Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:29:11.863{C36AC009-BDF7-65EF-6D19-000000005403}876C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008250Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:29:11.798{C36AC009-BDF7-65EF-6B19-000000005403}1600C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008249Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:29:08.177{C36AC009-BDF4-65EF-6A19-000000005403}1596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008248Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:29:07.552{C36AC009-BDF3-65EF-6919-000000005403}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008247Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:29:06.789{C36AC009-BDF2-65EF-6819-000000005403}4332C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008246Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:29:06.043{C36AC009-BDF2-65EF-6719-000000005403}4872C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008245Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:29:05.293{C36AC009-BDF1-65EF-6619-000000005403}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008244Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:28:08.364{C36AC009-BDB8-65EF-6519-000000005403}4212C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008243Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:28:07.586{C36AC009-BDB7-65EF-6419-000000005403}3260C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008242Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:28:06.820{C36AC009-BDB6-65EF-6319-000000005403}4144C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008241Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:28:06.057{C36AC009-BDB6-65EF-6219-000000005403}3824C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008240Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:28:05.294{C36AC009-BDB5-65EF-6119-000000005403}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008239Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:27:08.151{C36AC009-BD7C-65EF-6019-000000005403}2376C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008238Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:27:07.559{C36AC009-BD7B-65EF-5F19-000000005403}2504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008237Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:27:06.796{C36AC009-BD7A-65EF-5E19-000000005403}1040C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008236Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:27:06.046{C36AC009-BD7A-65EF-5D19-000000005403}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008235Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:27:05.282{C36AC009-BD79-65EF-5C19-000000005403}1004C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008234Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:26:08.266{C36AC009-BD40-65EF-5B19-000000005403}1180C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008233Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:26:07.565{C36AC009-BD3F-65EF-5A19-000000005403}2196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008232Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:26:06.801{C36AC009-BD3E-65EF-5919-000000005403}4296C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008231Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:26:06.037{C36AC009-BD3E-65EF-5819-000000005403}4388C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008230Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:26:05.272{C36AC009-BD3D-65EF-5719-000000005403}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008229Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:25:08.294{C36AC009-BD04-65EF-5619-000000005403}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008228Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:25:07.544{C36AC009-BD03-65EF-5519-000000005403}588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008227Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:25:06.780{C36AC009-BD02-65EF-5419-000000005403}1820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008226Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:25:06.015{C36AC009-BD02-65EF-5319-000000005403}2040C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008225Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:25:05.266{C36AC009-BD01-65EF-5219-000000005403}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008224Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:24:11.920{C36AC009-BCCB-65EF-5119-000000005403}2676C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008223Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:24:11.882{C36AC009-BCCB-65EF-5019-000000005403}3152C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008222Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:24:11.846{C36AC009-BCCB-65EF-4F19-000000005403}1380C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008221Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:24:11.782{C36AC009-BCCB-65EF-4D19-000000005403}1056C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008220Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:24:08.277{C36AC009-BCC8-65EF-4C19-000000005403}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008219Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:24:07.512{C36AC009-BCC7-65EF-4B19-000000005403}720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008218Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:24:06.762{C36AC009-BCC6-65EF-4A19-000000005403}1596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008217Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:24:05.998{C36AC009-BCC5-65EF-4919-000000005403}768C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008216Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:24:05.247{C36AC009-BCC5-65EF-4819-000000005403}2464C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008215Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:23:08.205{C36AC009-BC8C-65EF-4719-000000005403}4256C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008214Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:23:07.517{C36AC009-BC8B-65EF-4619-000000005403}2820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008213Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:23:06.767{C36AC009-BC8A-65EF-4519-000000005403}3608C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008212Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:23:06.002{C36AC009-BC8A-65EF-4419-000000005403}3260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008211Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:23:05.236{C36AC009-BC89-65EF-4319-000000005403}4576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008210Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:22:08.132{C36AC009-BC50-65EF-4219-000000005403}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008209Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:22:07.367{C36AC009-BC4F-65EF-4119-000000005403}3712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008208Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:22:06.616{C36AC009-BC4E-65EF-4019-000000005403}4372C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008207Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:22:05.959{C36AC009-BC4D-65EF-3F19-000000005403}4752C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008206Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:22:05.209{C36AC009-BC4D-65EF-3E19-000000005403}4652C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008205Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:21:08.141{C36AC009-BC14-65EF-3D19-000000005403}5076C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008204Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:21:07.391{C36AC009-BC13-65EF-3C19-000000005403}2168C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008203Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:21:06.624{C36AC009-BC12-65EF-3B19-000000005403}1540C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008202Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:21:05.966{C36AC009-BC11-65EF-3A19-000000005403}2660C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008201Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:21:05.216{C36AC009-BC11-65EF-3919-000000005403}2828C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008200Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:20:08.238{C36AC009-BBD8-65EF-3819-000000005403}3260C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008199Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:20:07.471{C36AC009-BBD7-65EF-3719-000000005403}2672C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008198Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:20:06.718{C36AC009-BBD6-65EF-3619-000000005403}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008197Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:20:05.953{C36AC009-BBD5-65EF-3519-000000005403}1000C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008196Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:20:05.201{C36AC009-BBD5-65EF-3419-000000005403}604C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008195Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:19:11.919{C36AC009-BB9F-65EF-3319-000000005403}3476C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008194Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:19:11.881{C36AC009-BB9F-65EF-3219-000000005403}1040C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008193Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:19:11.844{C36AC009-BB9F-65EF-3119-000000005403}2444C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008192Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:19:11.779{C36AC009-BB9F-65EF-2F19-000000005403}376C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008191Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:19:08.167{C36AC009-BB9C-65EF-2E19-000000005403}4616C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008190Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:19:07.417{C36AC009-BB9B-65EF-2D19-000000005403}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008189Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:19:06.665{C36AC009-BB9A-65EF-2C19-000000005403}1380C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008188Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:19:05.958{C36AC009-BB99-65EF-2B19-000000005403}2504C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008187Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:19:05.193{C36AC009-BB99-65EF-2A19-000000005403}3624C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008186Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:18:08.214{C36AC009-BB60-65EF-2919-000000005403}4388C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008185Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:18:07.458{C36AC009-BB5F-65EF-2819-000000005403}848C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008184Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:18:06.693{C36AC009-BB5E-65EF-2719-000000005403}592C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008183Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:18:05.941{C36AC009-BB5D-65EF-2619-000000005403}4772C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008182Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:18:05.188{C36AC009-BB5D-65EF-2519-000000005403}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008181Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:17:08.190{C36AC009-BB24-65EF-2419-000000005403}4328C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008180Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:17:07.425{C36AC009-BB23-65EF-2319-000000005403}3404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008179Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:17:06.688{C36AC009-BB22-65EF-2219-000000005403}4416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008178Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:17:05.927{C36AC009-BB21-65EF-2119-000000005403}4200C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008177Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:17:05.177{C36AC009-BB21-65EF-2019-000000005403}4640C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008176Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:16:08.059{C36AC009-BAE8-65EF-1F19-000000005403}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008175Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:16:07.429{C36AC009-BAE7-65EF-1E19-000000005403}4340C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008174Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:16:06.679{C36AC009-BAE6-65EF-1D19-000000005403}4984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008173Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:16:05.925{C36AC009-BAE5-65EF-1C19-000000005403}3696C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008172Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:16:05.170{C36AC009-BAE5-65EF-1B19-000000005403}5016C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008171Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:15:08.065{C36AC009-BAAC-65EF-1A19-000000005403}3132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008170Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:15:07.310{C36AC009-BAAB-65EF-1919-000000005403}4792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008169Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:15:06.561{C36AC009-BAAA-65EF-1819-000000005403}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008168Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:15:05.911{C36AC009-BAA9-65EF-1719-000000005403}1604C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008167Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:15:05.160{C36AC009-BAA9-65EF-1619-000000005403}4712C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008166Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:14:11.915{C36AC009-BA73-65EF-1519-000000005403}3392C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008165Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:14:11.875{C36AC009-BA73-65EF-1419-000000005403}1996C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008164Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:14:11.839{C36AC009-BA73-65EF-1319-000000005403}2912C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008163Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:14:11.773{C36AC009-BA73-65EF-1119-000000005403}3592C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008162Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:14:08.166{C36AC009-BA70-65EF-1019-000000005403}4652C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008161Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:14:07.400{C36AC009-BA6F-65EF-0F19-000000005403}2348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008160Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:14:06.645{C36AC009-BA6E-65EF-0E19-000000005403}1132C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008159Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:14:05.920{C36AC009-BA6D-65EF-0D19-000000005403}1992C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008158Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:14:05.155{C36AC009-BA6D-65EF-0C19-000000005403}4584C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008157Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:13:08.001{C36AC009-BA34-65EF-0B19-000000005403}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008156Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:13:07.254{C36AC009-BA33-65EF-0A19-000000005403}436C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008155Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:13:06.504{C36AC009-BA32-65EF-0919-000000005403}5056C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008154Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:13:05.910{C36AC009-BA31-65EF-0819-000000005403}4964C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008153Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:13:05.154{C36AC009-BA31-65EF-0719-000000005403}360C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008152Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:12:08.019{C36AC009-B9F8-65EF-0619-000000005403}2188C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008151Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:12:07.262{C36AC009-B9F7-65EF-0519-000000005403}5112C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008150Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:12:06.497{C36AC009-B9F6-65EF-0419-000000005403}528C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008149Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:12:05.903{C36AC009-B9F5-65EF-0319-000000005403}2040C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008148Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:12:05.138{C36AC009-B9F5-65EF-0219-000000005403}4920C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008147Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:11:08.137{C36AC009-B9BC-65EF-0119-000000005403}1272C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008146Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:11:07.387{C36AC009-B9BB-65EF-0019-000000005403}5032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008145Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:11:06.637{C36AC009-B9BA-65EF-FF18-000000005403}3772C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008144Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:11:05.887{C36AC009-B9B9-65EF-FE18-000000005403}4764C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008143Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:11:05.137{C36AC009-B9B9-65EF-FD18-000000005403}840C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008142Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:10:08.168{C36AC009-B980-65EF-FC18-000000005403}4440C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008141Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:10:07.395{C36AC009-B97F-65EF-FB18-000000005403}360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008140Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:10:06.637{C36AC009-B97E-65EF-FA18-000000005403}2476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008139Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:10:05.871{C36AC009-B97D-65EF-F918-000000005403}592C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008138Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:10:05.113{C36AC009-B97D-65EF-F818-000000005403}1868C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008137Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:09:11.906{C36AC009-B947-65EF-F718-000000005403}2420C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008136Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:09:11.866{C36AC009-B947-65EF-F618-000000005403}3896C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008135Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:09:11.830{C36AC009-B947-65EF-F518-000000005403}4920C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008134Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:09:11.765{C36AC009-B947-65EF-F318-000000005403}1872C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008133Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:09:08.138{C36AC009-B944-65EF-F218-000000005403}1488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008132Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:09:07.380{C36AC009-B943-65EF-F118-000000005403}4392C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008131Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:09:06.614{C36AC009-B942-65EF-F018-000000005403}2104C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008130Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:09:05.856{C36AC009-B941-65EF-EF18-000000005403}2808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008129Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:09:05.097{C36AC009-B941-65EF-EE18-000000005403}4372C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008128Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:08:08.061{C36AC009-B908-65EF-ED18-000000005403}4432C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008127Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:08:07.372{C36AC009-B907-65EF-EC18-000000005403}1600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008126Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:08:06.612{C36AC009-B906-65EF-EB18-000000005403}720C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008125Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:08:05.847{C36AC009-B905-65EF-EA18-000000005403}724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008124Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:08:05.092{C36AC009-B905-65EF-E918-000000005403}2152C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008123Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:07:07.999{C36AC009-B8CB-65EF-E818-000000005403}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008122Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:07:07.358{C36AC009-B8CB-65EF-E718-000000005403}1400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008121Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:07:06.592{C36AC009-B8CA-65EF-E618-000000005403}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008120Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:07:05.832{C36AC009-B8C9-65EF-E518-000000005403}2188C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008119Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:07:05.082{C36AC009-B8C9-65EF-E418-000000005403}4852C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008118Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:06:07.943{C36AC009-B88F-65EF-E318-000000005403}4772C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008117Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:06:07.177{C36AC009-B88F-65EF-E218-000000005403}2348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008116Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:06:06.417{C36AC009-B88E-65EF-E118-000000005403}5012C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008115Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:06:05.828{C36AC009-B88D-65EF-E018-000000005403}4912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008114Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:06:05.063{C36AC009-B88D-65EF-DF18-000000005403}4600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008113Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:05:08.119{C36AC009-B854-65EF-DE18-000000005403}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008112Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:05:07.356{C36AC009-B853-65EF-DD18-000000005403}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008111Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:05:06.590{C36AC009-B852-65EF-DC18-000000005403}1360C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008110Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:05:05.825{C36AC009-B851-65EF-DB18-000000005403}3088C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008109Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:05:05.068{C36AC009-B851-65EF-DA18-000000005403}3556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008108Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:04:11.897{C36AC009-B81B-65EF-D918-000000005403}2040C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008107Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:04:11.858{C36AC009-B81B-65EF-D818-000000005403}1460C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008106Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:04:11.821{C36AC009-B81B-65EF-D718-000000005403}2816C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008105Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:04:11.757{C36AC009-B81B-65EF-D518-000000005403}4240C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008104Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:04:08.062{C36AC009-B818-65EF-D418-000000005403}4672C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008103Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:04:07.301{C36AC009-B817-65EF-D318-000000005403}2464C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008102Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:04:06.539{C36AC009-B816-65EF-D218-000000005403}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008101Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:04:05.824{C36AC009-B815-65EF-D118-000000005403}3392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008100Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:04:05.058{C36AC009-B815-65EF-D018-000000005403}2808C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008099Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:03:08.082{C36AC009-B7DC-65EF-CF18-000000005403}4768C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008098Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:03:07.322{C36AC009-B7DB-65EF-CE18-000000005403}3104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008097Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:03:06.572{C36AC009-B7DA-65EF-CD18-000000005403}308C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008096Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:03:05.806{C36AC009-B7D9-65EF-CC18-000000005403}2620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008095Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:03:05.047{C36AC009-B7D9-65EF-CB18-000000005403}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008094Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:02:08.091{C36AC009-B7A0-65EF-CA18-000000005403}2992C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008093Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:02:07.326{C36AC009-B79F-65EF-C918-000000005403}5112C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008092Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:02:06.566{C36AC009-B79E-65EF-C818-000000005403}4724C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008091Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:02:05.801{C36AC009-B79D-65EF-C718-000000005403}1964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008090Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:02:05.051{C36AC009-B79D-65EF-C618-000000005403}4920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008089Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:01:08.037{C36AC009-B764-65EF-C518-000000005403}5012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008088Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:01:07.339{C36AC009-B763-65EF-C418-000000005403}1040C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008087Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:01:06.576{C36AC009-B762-65EF-C318-000000005403}3868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008086Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:01:05.810{C36AC009-B761-65EF-C218-000000005403}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008085Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:01:05.049{C36AC009-B761-65EF-C118-000000005403}4168C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008084Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:00:08.032{C36AC009-B728-65EF-C018-000000005403}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008083Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:00:07.283{C36AC009-B727-65EF-BF18-000000005403}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008082Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:00:06.525{C36AC009-B726-65EF-BE18-000000005403}4308C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008081Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:00:05.796{C36AC009-B725-65EF-BD18-000000005403}3576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008080Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 02:00:05.046{C36AC009-B725-65EF-BC18-000000005403}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008079Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:59:11.887{C36AC009-B6EF-65EF-BB18-000000005403}4772C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008078Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:59:11.848{C36AC009-B6EF-65EF-BA18-000000005403}3740C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008077Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:59:11.812{C36AC009-B6EF-65EF-B918-000000005403}2264C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008076Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:59:11.747{C36AC009-B6EF-65EF-B718-000000005403}3408C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008075Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:59:08.088{C36AC009-B6EC-65EF-B618-000000005403}4644C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008074Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:59:07.338{C36AC009-B6EB-65EF-B518-000000005403}1776C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008073Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:59:06.574{C36AC009-B6EA-65EF-B418-000000005403}296C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008072Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:59:05.808{C36AC009-B6E9-65EF-B318-000000005403}4100C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008071Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:59:05.046{C36AC009-B6E9-65EF-B218-000000005403}2348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008070Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:58:08.039{C36AC009-B6B0-65EF-B118-000000005403}1124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008069Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:58:07.258{C36AC009-B6AF-65EF-B018-000000005403}2044C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008068Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:58:06.508{C36AC009-B6AE-65EF-AF18-000000005403}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008067Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:58:05.805{C36AC009-B6AD-65EF-AE18-000000005403}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008066Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:58:05.047{C36AC009-B6AD-65EF-AD18-000000005403}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008065Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:57:07.961{C36AC009-B673-65EF-AC18-000000005403}1460C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008064Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:57:07.288{C36AC009-B673-65EF-AB18-000000005403}2816C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008063Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:57:06.538{C36AC009-B672-65EF-AA18-000000005403}4476C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008062Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:57:05.788{C36AC009-B671-65EF-A918-000000005403}4772C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008061Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:57:05.037{C36AC009-B671-65EF-A818-000000005403}2812C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008060Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:56:07.895{C36AC009-B637-65EF-A718-000000005403}4272C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008059Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:56:07.285{C36AC009-B637-65EF-A618-000000005403}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008058Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:56:06.534{C36AC009-B636-65EF-A518-000000005403}5092C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008057Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:56:05.782{C36AC009-B635-65EF-A418-000000005403}3152C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008056Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:56:05.017{C36AC009-B635-65EF-A318-000000005403}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008055Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:55:08.021{C36AC009-B5FC-65EF-A218-000000005403}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008054Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:55:07.255{C36AC009-B5FB-65EF-A118-000000005403}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008053Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:55:06.502{C36AC009-B5FA-65EF-A018-000000005403}1604C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008052Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:55:05.783{C36AC009-B5F9-65EF-9F18-000000005403}2936C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008051Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:55:05.017{C36AC009-B5F9-65EF-9E18-000000005403}4192C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008050Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:54:11.878{C36AC009-B5C3-65EF-9D18-000000005403}2076C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008049Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:54:11.838{C36AC009-B5C3-65EF-9C18-000000005403}3572C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008048Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:54:11.801{C36AC009-B5C3-65EF-9B18-000000005403}2104C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008047Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:54:11.737{C36AC009-B5C3-65EF-9918-000000005403}3036C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008046Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:54:07.987{C36AC009-B5BF-65EF-9818-000000005403}2236C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008045Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:54:07.284{C36AC009-B5BF-65EF-9718-000000005403}3264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008044Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:54:06.534{C36AC009-B5BE-65EF-9618-000000005403}3476C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008043Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:54:05.766{C36AC009-B5BD-65EF-9518-000000005403}216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008042Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:54:05.014{C36AC009-B5BD-65EF-9418-000000005403}368C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008041Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:53:07.951{C36AC009-B583-65EF-9318-000000005403}4864C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008040Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:53:07.262{C36AC009-B583-65EF-9218-000000005403}3088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008039Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:53:06.509{C36AC009-B582-65EF-9118-000000005403}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008038Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:53:05.759{C36AC009-B581-65EF-9018-000000005403}4620C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008037Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:53:05.007{C36AC009-B581-65EF-8F18-000000005403}1120C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008036Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:52:08.031{C36AC009-B548-65EF-8E18-000000005403}3696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008035Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:52:07.265{C36AC009-B547-65EF-8D18-000000005403}4856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008034Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:52:06.509{C36AC009-B546-65EF-8C18-000000005403}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008033Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:52:05.743{C36AC009-B545-65EF-8B18-000000005403}4956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008032Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:52:04.993{C36AC009-B544-65EF-8A18-000000005403}1488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008031Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:51:08.011{C36AC009-B50C-65EF-8918-000000005403}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008030Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:51:07.241{C36AC009-B50B-65EF-8818-000000005403}3108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008029Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:51:06.491{C36AC009-B50A-65EF-8718-000000005403}3772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008028Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:51:05.737{C36AC009-B509-65EF-8618-000000005403}2336C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008027Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:51:04.983{C36AC009-B508-65EF-8518-000000005403}1796C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008026Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:50:07.921{C36AC009-B4CF-65EF-8418-000000005403}880C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008025Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:50:07.240{C36AC009-B4CF-65EF-8318-000000005403}300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008024Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:50:06.490{C36AC009-B4CE-65EF-8218-000000005403}1604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008023Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:50:05.724{C36AC009-B4CD-65EF-8118-000000005403}4800C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008022Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:50:04.970{C36AC009-B4CC-65EF-8018-000000005403}1184C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008021Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:49:11.865{C36AC009-B497-65EF-7F18-000000005403}4480C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008020Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:49:11.827{C36AC009-B497-65EF-7E18-000000005403}4580C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008019Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:49:11.792{C36AC009-B497-65EF-7D18-000000005403}2192C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008018Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:49:11.726{C36AC009-B497-65EF-7B18-000000005403}3616C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000008017Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:49:07.997{C36AC009-B493-65EF-7A18-000000005403}912C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008016Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:49:07.253{C36AC009-B493-65EF-7918-000000005403}296C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008015Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:49:06.502{C36AC009-B492-65EF-7818-000000005403}4552C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008014Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:49:05.731{C36AC009-B491-65EF-7718-000000005403}2348C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008013Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:49:04.960{C36AC009-B490-65EF-7618-000000005403}2900C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008012Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:48:07.458{C36AC009-B457-65EF-7518-000000005403}3960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008011Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:48:06.833{C36AC009-B456-65EF-7418-000000005403}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008010Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:48:06.208{C36AC009-B456-65EF-7318-000000005403}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008009Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:48:05.592{C36AC009-B455-65EF-7218-000000005403}3088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008008Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:48:04.946{C36AC009-B454-65EF-7118-000000005403}3132C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008007Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:47:07.831{C36AC009-B41B-65EF-7018-000000005403}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008006Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:47:07.068{C36AC009-B41B-65EF-6F18-000000005403}4460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008005Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:47:06.312{C36AC009-B41A-65EF-6E18-000000005403}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008004Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:47:05.702{C36AC009-B419-65EF-6D18-000000005403}4952C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008003Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:47:04.946{C36AC009-B418-65EF-6C18-000000005403}1476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008002Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:46:07.947{C36AC009-B3DF-65EF-6B18-000000005403}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008001Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:46:07.196{C36AC009-B3DF-65EF-6A18-000000005403}4808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000008000Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:46:06.446{C36AC009-B3DE-65EF-6918-000000005403}2444C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007999Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:46:05.690{C36AC009-B3DD-65EF-6818-000000005403}1404C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007998Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:46:04.933{C36AC009-B3DC-65EF-6718-000000005403}3108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007997Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:45:07.939{C36AC009-B3A3-65EF-6618-000000005403}2884C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007996Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:45:07.182{C36AC009-B3A3-65EF-6518-000000005403}3748C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007995Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:45:06.417{C36AC009-B3A2-65EF-6418-000000005403}4356C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007994Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:45:05.667{C36AC009-B3A1-65EF-6318-000000005403}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007993Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:45:04.910{C36AC009-B3A0-65EF-6218-000000005403}4540C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007992Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:44:11.864{C36AC009-B36B-65EF-6118-000000005403}1008C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007991Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:44:11.827{C36AC009-B36B-65EF-6018-000000005403}3456C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007990Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:44:11.790{C36AC009-B36B-65EF-5F18-000000005403}4228C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007989Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:44:11.724{C36AC009-B36B-65EF-5D18-000000005403}2668C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007988Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:44:07.791{C36AC009-B367-65EF-5C18-000000005403}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007987Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:44:07.173{C36AC009-B367-65EF-5B18-000000005403}3788C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007986Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:44:06.423{C36AC009-B366-65EF-5A18-000000005403}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007985Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:44:05.650{C36AC009-B365-65EF-5918-000000005403}1776C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007984Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:44:04.907{C36AC009-B364-65EF-5818-000000005403}912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007983Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:43:07.925{C36AC009-B32B-65EF-5718-000000005403}4188C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007982Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:43:07.175{C36AC009-B32B-65EF-5618-000000005403}3416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007981Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:43:06.416{C36AC009-B32A-65EF-5518-000000005403}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007980Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:43:05.648{C36AC009-B329-65EF-5418-000000005403}4504C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007979Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:43:04.898{C36AC009-B328-65EF-5318-000000005403}2476C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007978Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:42:07.853{C36AC009-B2EF-65EF-5218-000000005403}3772C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007977Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:42:07.093{C36AC009-B2EF-65EF-5118-000000005403}1596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007976Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:42:06.334{C36AC009-B2EE-65EF-5018-000000005403}3848C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007975Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:42:05.653{C36AC009-B2ED-65EF-4F18-000000005403}1500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007974Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:42:04.893{C36AC009-B2EC-65EF-4E18-000000005403}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007973Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:41:07.910{C36AC009-B2B3-65EF-4D18-000000005403}4828C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007972Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:41:07.156{C36AC009-B2B3-65EF-4C18-000000005403}3332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007971Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:41:06.406{C36AC009-B2B2-65EF-4B18-000000005403}3624C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007970Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:41:05.642{C36AC009-B2B1-65EF-4A18-000000005403}3476C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007969Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:41:04.891{C36AC009-B2B0-65EF-4918-000000005403}2900C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007968Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:40:07.905{C36AC009-B277-65EF-4818-000000005403}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007967Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:40:07.155{C36AC009-B277-65EF-4718-000000005403}840C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007966Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:40:06.399{C36AC009-B276-65EF-4618-000000005403}4256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007965Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:40:05.649{C36AC009-B275-65EF-4518-000000005403}3120C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007964Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:40:04.877{C36AC009-B274-65EF-4418-000000005403}3356C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007963Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:39:11.858{C36AC009-B23F-65EF-4218-000000005403}1580C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007962Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:39:11.819{C36AC009-B23F-65EF-4118-000000005403}4460C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007961Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:39:11.783{C36AC009-B23F-65EF-4018-000000005403}4240C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007960Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:39:11.719{C36AC009-B23F-65EF-3E18-000000005403}5032C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007959Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:39:07.739{C36AC009-B23B-65EF-3D18-000000005403}3776C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007958Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:39:06.989{C36AC009-B23A-65EF-3C18-000000005403}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007957Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:39:06.239{C36AC009-B23A-65EF-3B18-000000005403}2456C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007956Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:39:05.622{C36AC009-B239-65EF-3A18-000000005403}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007955Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:39:04.860{C36AC009-B238-65EF-3918-000000005403}2192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007954Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:38:07.741{C36AC009-B1FF-65EF-3818-000000005403}4584C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007953Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:38:07.132{C36AC009-B1FF-65EF-3718-000000005403}4616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007952Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:38:06.370{C36AC009-B1FE-65EF-3618-000000005403}4660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007951Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:38:05.624{C36AC009-B1FD-65EF-3518-000000005403}3056C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007950Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:38:04.847{C36AC009-B1FC-65EF-3418-000000005403}2500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007949Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:37:07.894{C36AC009-B1C3-65EF-3318-000000005403}3656C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007948Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:37:07.128{C36AC009-B1C3-65EF-3218-000000005403}2976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007947Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:37:06.369{C36AC009-B1C2-65EF-3118-000000005403}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007946Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:37:05.604{C36AC009-B1C1-65EF-3018-000000005403}1976C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007945Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:37:04.838{C36AC009-B1C0-65EF-2F18-000000005403}4920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007944Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:36:07.777{C36AC009-B187-65EF-2E18-000000005403}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007943Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:36:07.091{C36AC009-B187-65EF-2D18-000000005403}4020C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007942Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:36:06.328{C36AC009-B186-65EF-2C18-000000005403}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007941Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:36:05.578{C36AC009-B185-65EF-2B18-000000005403}2176C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007940Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:36:04.818{C36AC009-B184-65EF-2A18-000000005403}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007939Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:35:07.732{C36AC009-B14B-65EF-2918-000000005403}1960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007938Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:35:07.109{C36AC009-B14B-65EF-2818-000000005403}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007937Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:35:06.343{C36AC009-B14A-65EF-2718-000000005403}348C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007936Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:35:05.564{C36AC009-B149-65EF-2618-000000005403}1868C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007935Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:35:04.800{C36AC009-B148-65EF-2518-000000005403}4180C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007934Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:34:11.850{C36AC009-B113-65EF-2418-000000005403}4736C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007933Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:34:11.811{C36AC009-B113-65EF-2318-000000005403}4532C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007932Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:34:11.776{C36AC009-B113-65EF-2218-000000005403}856C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007931Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:34:11.711{C36AC009-B113-65EF-2018-000000005403}4812C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007930Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:34:07.833{C36AC009-B10F-65EF-1F18-000000005403}1500C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007929Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:34:07.070{C36AC009-B10F-65EF-1E18-000000005403}1580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007928Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:34:06.320{C36AC009-B10E-65EF-1D18-000000005403}4460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007927Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:34:05.554{C36AC009-B10D-65EF-1C18-000000005403}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007926Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:34:04.792{C36AC009-B10C-65EF-1B18-000000005403}4472C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007925Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:33:07.768{C36AC009-B0D3-65EF-1A18-000000005403}2904C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007924Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:33:07.016{C36AC009-B0D3-65EF-1918-000000005403}2724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007923Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:33:06.266{C36AC009-B0D2-65EF-1818-000000005403}2300C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007922Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:33:05.517{C36AC009-B0D1-65EF-1718-000000005403}508C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007921Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:33:04.768{C36AC009-B0D0-65EF-1618-000000005403}4272C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007920Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:32:07.773{C36AC009-B097-65EF-1518-000000005403}3088C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007919Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:32:07.029{C36AC009-B097-65EF-1418-000000005403}4444C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007918Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:32:06.279{C36AC009-B096-65EF-1318-000000005403}4448C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007917Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:32:05.529{C36AC009-B095-65EF-1218-000000005403}880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007916Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:32:04.764{C36AC009-B094-65EF-1118-000000005403}3824C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007915Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:31:07.778{C36AC009-B05B-65EF-1018-000000005403}5064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007914Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:31:07.014{C36AC009-B05B-65EF-0F18-000000005403}3740C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007913Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:31:06.264{C36AC009-B05A-65EF-0E18-000000005403}2812C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007912Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:31:05.514{C36AC009-B059-65EF-0D18-000000005403}3348C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007911Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:31:04.748{C36AC009-B058-65EF-0C18-000000005403}976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007910Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:30:07.664{C36AC009-B01F-65EF-0B18-000000005403}2904C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007909Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:30:07.007{C36AC009-B01F-65EF-0A18-000000005403}2908C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007908Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:30:06.256{C36AC009-B01E-65EF-0918-000000005403}2152C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007907Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:30:05.490{C36AC009-B01D-65EF-0818-000000005403}4360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007906Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:30:04.740{C36AC009-B01C-65EF-0718-000000005403}4756C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007905Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:29:11.851{C36AC009-AFE7-65EF-0618-000000005403}4316C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007904Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:29:11.810{C36AC009-AFE7-65EF-0518-000000005403}896C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007903Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:29:11.774{C36AC009-AFE7-65EF-0418-000000005403}3440C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007902Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:29:11.709{C36AC009-AFE7-65EF-0218-000000005403}2100C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007901Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:29:07.662{C36AC009-AFE3-65EF-0118-000000005403}5108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007900Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:29:06.896{C36AC009-AFE2-65EF-0018-000000005403}1604C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007899Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:29:06.139{C36AC009-AFE2-65EF-FF17-000000005403}4624C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007898Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:29:05.495{C36AC009-AFE1-65EF-FE17-000000005403}3100C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007897Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:29:04.745{C36AC009-AFE0-65EF-FD17-000000005403}2672C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007896Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:28:07.626{C36AC009-AFA7-65EF-FC17-000000005403}3580C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007895Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:28:06.876{C36AC009-AFA6-65EF-FB17-000000005403}4372C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007894Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:28:06.113{C36AC009-AFA6-65EF-FA17-000000005403}892C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007893Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:28:05.488{C36AC009-AFA5-65EF-F917-000000005403}4100C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007892Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:28:04.738{C36AC009-AFA4-65EF-F817-000000005403}2196C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007891Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:27:07.743{C36AC009-AF6B-65EF-F717-000000005403}592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007890Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:27:06.987{C36AC009-AF6A-65EF-F617-000000005403}4796C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007889Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:27:06.237{C36AC009-AF6A-65EF-F517-000000005403}2124C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007888Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:27:05.472{C36AC009-AF69-65EF-F417-000000005403}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007887Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:27:04.717{C36AC009-AF68-65EF-F317-000000005403}296C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007886Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:26:07.645{C36AC009-AF2F-65EF-F217-000000005403}856C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007885Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:26:06.880{C36AC009-AF2E-65EF-F117-000000005403}5080C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007884Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:26:06.111{C36AC009-AF2E-65EF-F017-000000005403}3848C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007883Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:26:05.478{C36AC009-AF2D-65EF-EF17-000000005403}4924C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007882Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:26:04.712{C36AC009-AF2C-65EF-EE17-000000005403}4476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007881Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:25:07.564{C36AC009-AEF3-65EF-ED17-000000005403}4176C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007880Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:25:06.935{C36AC009-AEF2-65EF-EC17-000000005403}2336C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007879Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:25:06.196{C36AC009-AEF2-65EF-EB17-000000005403}4628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007878Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:25:05.446{C36AC009-AEF1-65EF-EA17-000000005403}4928C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007877Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:25:04.693{C36AC009-AEF0-65EF-E917-000000005403}2500C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007876Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:24:11.849{C36AC009-AEBB-65EF-E817-000000005403}5108C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007875Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:24:11.808{C36AC009-AEBB-65EF-E717-000000005403}4596C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007874Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:24:11.772{C36AC009-AEBB-65EF-E617-000000005403}1604C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007873Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:24:11.707{C36AC009-AEBB-65EF-E417-000000005403}484C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007872Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:24:07.695{C36AC009-AEB7-65EF-E317-000000005403}4724C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007871Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:24:06.945{C36AC009-AEB6-65EF-E217-000000005403}4348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007870Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:24:06.180{C36AC009-AEB6-65EF-E117-000000005403}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007869Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:24:05.420{C36AC009-AEB5-65EF-E017-000000005403}3040C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007868Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:24:04.668{C36AC009-AEB4-65EF-DF17-000000005403}5072C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007867Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:23:07.663{C36AC009-AE7B-65EF-DE17-000000005403}2328C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007866Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:23:06.897{C36AC009-AE7A-65EF-DD17-000000005403}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007865Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:23:06.138{C36AC009-AE7A-65EF-DC17-000000005403}5012C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007864Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:23:05.419{C36AC009-AE79-65EF-DB17-000000005403}3600C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007863Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:23:04.654{C36AC009-AE78-65EF-DA17-000000005403}1004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007862Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:22:07.622{C36AC009-AE3F-65EF-D917-000000005403}3420C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007861Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:22:06.857{C36AC009-AE3E-65EF-D817-000000005403}2076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007860Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:22:06.096{C36AC009-AE3E-65EF-D717-000000005403}1732C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007859Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:22:05.424{C36AC009-AE3D-65EF-D617-000000005403}4448C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007858Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:22:04.666{C36AC009-AE3C-65EF-D517-000000005403}2272C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007857Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:21:07.616{C36AC009-AE03-65EF-D417-000000005403}1568C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007856Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:21:06.860{C36AC009-AE02-65EF-D317-000000005403}1596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007855Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:21:06.088{C36AC009-AE02-65EF-D217-000000005403}924C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007854Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:21:05.416{C36AC009-AE01-65EF-D117-000000005403}1264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007853Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:21:04.660{C36AC009-AE00-65EF-D017-000000005403}3740C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007852Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:20:07.612{C36AC009-ADC7-65EF-CF17-000000005403}4360C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007851Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:20:06.847{C36AC009-ADC6-65EF-CE17-000000005403}2336C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007850Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:20:06.086{C36AC009-ADC6-65EF-CD17-000000005403}4660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007849Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:20:05.391{C36AC009-ADC5-65EF-CC17-000000005403}3784C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007848Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:20:04.641{C36AC009-ADC4-65EF-CB17-000000005403}3660C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007847Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:19:11.834{C36AC009-AD8F-65EF-CA17-000000005403}5108C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007846Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:19:11.795{C36AC009-AD8F-65EF-C917-000000005403}4596C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007845Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:19:11.760{C36AC009-AD8F-65EF-C817-000000005403}1604C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007844Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:19:11.695{C36AC009-AD8F-65EF-C617-000000005403}1132C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007843Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:19:07.585{C36AC009-AD8B-65EF-C517-000000005403}380C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007842Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:19:06.827{C36AC009-AD8A-65EF-C417-000000005403}2420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007841Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:19:06.147{C36AC009-AD8A-65EF-C317-000000005403}2992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007840Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:19:05.385{C36AC009-AD89-65EF-C217-000000005403}3368C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007839Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:19:04.621{C36AC009-AD88-65EF-C117-000000005403}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007838Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:18:07.567{C36AC009-AD4F-65EF-C017-000000005403}3476C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007837Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:18:06.809{C36AC009-AD4E-65EF-BF17-000000005403}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007836Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:18:06.128{C36AC009-AD4E-65EF-BE17-000000005403}4484C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007835Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:18:05.378{C36AC009-AD4D-65EF-BD17-000000005403}4272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007834Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:18:04.619{C36AC009-AD4C-65EF-BC17-000000005403}4756C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007833Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:17:07.664{C36AC009-AD13-65EF-BB17-000000005403}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007832Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:17:06.898{C36AC009-AD12-65EF-BA17-000000005403}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007831Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:17:06.139{C36AC009-AD12-65EF-B917-000000005403}2272C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007830Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:17:05.373{C36AC009-AD11-65EF-B817-000000005403}688C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007829Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:17:04.615{C36AC009-AD10-65EF-B717-000000005403}2012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007828Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:16:07.646{C36AC009-ACD7-65EF-B617-000000005403}1568C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007827Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:16:06.881{C36AC009-ACD6-65EF-B517-000000005403}1596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007826Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:16:06.127{C36AC009-ACD6-65EF-B417-000000005403}768C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007825Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:16:05.518{C36AC009-ACD5-65EF-B317-000000005403}4468C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007824Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:16:04.752{C36AC009-ACD4-65EF-B217-000000005403}4420C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007823Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:15:07.604{C36AC009-AC9B-65EF-B117-000000005403}3812C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007822Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:15:06.839{C36AC009-AC9A-65EF-B017-000000005403}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007821Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:15:06.079{C36AC009-AC9A-65EF-AF17-000000005403}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007820Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:15:05.491{C36AC009-AC99-65EF-AE17-000000005403}2660C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007819Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:15:04.741{C36AC009-AC98-65EF-AD17-000000005403}308C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007818Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:14:11.833{C36AC009-AC63-65EF-AC17-000000005403}4828C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007817Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:14:11.793{C36AC009-AC63-65EF-AB17-000000005403}4476C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007816Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:14:11.757{C36AC009-AC63-65EF-AA17-000000005403}3360C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007815Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:14:11.692{C36AC009-AC63-65EF-A817-000000005403}4368C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007814Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:14:07.770{C36AC009-AC5F-65EF-A717-000000005403}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007813Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:14:07.020{C36AC009-AC5F-65EF-A617-000000005403}4380C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007812Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:14:06.244{C36AC009-AC5E-65EF-A517-000000005403}2976C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007811Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:14:05.483{C36AC009-AC5D-65EF-A417-000000005403}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007810Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:14:04.733{C36AC009-AC5C-65EF-A317-000000005403}2520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007809Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:13:07.667{C36AC009-AC23-65EF-A217-000000005403}2908C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007808Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:13:07.031{C36AC009-AC23-65EF-A117-000000005403}5012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007807Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:13:06.281{C36AC009-AC22-65EF-A017-000000005403}4780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007806Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:13:05.519{C36AC009-AC21-65EF-9F17-000000005403}1992C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007805Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:13:04.743{C36AC009-AC20-65EF-9E17-000000005403}3036C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007804Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:12:07.651{C36AC009-ABE7-65EF-9D17-000000005403}4400C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007803Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:12:06.889{C36AC009-ABE6-65EF-9C17-000000005403}3120C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007802Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:12:06.139{C36AC009-ABE6-65EF-9B17-000000005403}3396C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007801Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:12:05.498{C36AC009-ABE5-65EF-9A17-000000005403}300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007800Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:12:04.741{C36AC009-ABE4-65EF-9917-000000005403}4712C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007799Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:11:07.737{C36AC009-ABAB-65EF-9817-000000005403}4332C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007798Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:11:06.971{C36AC009-ABAA-65EF-9717-000000005403}4812C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007797Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:11:06.212{C36AC009-ABAA-65EF-9617-000000005403}5096C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007796Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:11:05.493{C36AC009-ABA9-65EF-9517-000000005403}1500C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007795Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:11:04.727{C36AC009-ABA8-65EF-9417-000000005403}4920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007794Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:10:07.761{C36AC009-AB6F-65EF-9317-000000005403}3116C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007793Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:10:07.011{C36AC009-AB6F-65EF-9217-000000005403}1020C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007792Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:10:06.248{C36AC009-AB6E-65EF-9117-000000005403}4660C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007791Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:10:05.484{C36AC009-AB6D-65EF-9017-000000005403}4844C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007790Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:10:04.719{C36AC009-AB6C-65EF-8F17-000000005403}1960C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007789Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:09:11.824{C36AC009-AB37-65EF-8E17-000000005403}5108C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007788Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:09:11.784{C36AC009-AB37-65EF-8D17-000000005403}1872C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007787Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:09:11.749{C36AC009-AB37-65EF-8C17-000000005403}4828C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007786Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:09:11.684{C36AC009-AB37-65EF-8A17-000000005403}4476C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007785Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:09:07.652{C36AC009-AB33-65EF-8917-000000005403}3152C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007784Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:09:06.902{C36AC009-AB32-65EF-8817-000000005403}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007783Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:09:06.152{C36AC009-AB32-65EF-8717-000000005403}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007782Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:09:05.468{C36AC009-AB31-65EF-8617-000000005403}3424C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007781Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:09:04.702{C36AC009-AB30-65EF-8517-000000005403}3656C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007780Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:08:07.744{C36AC009-AAF7-65EF-8417-000000005403}1056C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007779Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:08:06.978{C36AC009-AAF6-65EF-8317-000000005403}1264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007778Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:08:06.225{C36AC009-AAF6-65EF-8217-000000005403}3684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007777Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:08:05.459{C36AC009-AAF5-65EF-8117-000000005403}4752C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007776Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:08:04.695{C36AC009-AAF4-65EF-8017-000000005403}4272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007775Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:07:07.709{C36AC009-AABB-65EF-7F17-000000005403}4444C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007774Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:07:06.944{C36AC009-AABA-65EF-7E17-000000005403}3352C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007773Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:07:06.196{C36AC009-AABA-65EF-7D17-000000005403}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007772Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:07:05.446{C36AC009-AAB9-65EF-7C17-000000005403}4824C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007771Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:07:04.696{C36AC009-AAB8-65EF-7B17-000000005403}2936C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007770Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:06:07.741{C36AC009-AA7F-65EF-7A17-000000005403}4888C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007769Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:06:06.976{C36AC009-AA7E-65EF-7917-000000005403}3400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007768Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:06:06.210{C36AC009-AA7E-65EF-7817-000000005403}3868C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007767Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:06:05.445{C36AC009-AA7D-65EF-7717-000000005403}1088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007766Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:06:04.695{C36AC009-AA7C-65EF-7617-000000005403}5096C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007765Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:05:07.689{C36AC009-AA43-65EF-7517-000000005403}4388C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007764Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:05:06.939{C36AC009-AA42-65EF-7417-000000005403}4616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007763Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:05:06.188{C36AC009-AA42-65EF-7317-000000005403}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007762Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:05:05.438{C36AC009-AA41-65EF-7217-000000005403}3004C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007761Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:05:04.688{C36AC009-AA40-65EF-7117-000000005403}5084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007760Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:04:11.814{C36AC009-AA0B-65EF-7017-000000005403}2892C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007759Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:04:11.775{C36AC009-AA0B-65EF-6F17-000000005403}3288C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007758Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:04:11.739{C36AC009-AA0B-65EF-6E17-000000005403}4880C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007757Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:04:11.674{C36AC009-AA0B-65EF-6C17-000000005403}4624C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007756Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:04:07.647{C36AC009-AA07-65EF-6B17-000000005403}4372C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007755Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:04:06.881{C36AC009-AA06-65EF-6A17-000000005403}2268C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007754Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:04:06.130{C36AC009-AA06-65EF-6917-000000005403}4228C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007753Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:04:05.442{C36AC009-AA05-65EF-6817-000000005403}4276C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007752Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:04:04.692{C36AC009-AA04-65EF-6717-000000005403}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007751Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:03:07.609{C36AC009-A9CB-65EF-6617-000000005403}4240C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007750Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:03:06.844{C36AC009-A9CA-65EF-6517-000000005403}3052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007749Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:03:06.091{C36AC009-A9CA-65EF-6417-000000005403}2264C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007748Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:03:05.434{C36AC009-A9C9-65EF-6317-000000005403}4140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007747Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:03:04.684{C36AC009-A9C8-65EF-6217-000000005403}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007746Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:02:07.621{C36AC009-A98F-65EF-6117-000000005403}600C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007745Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:02:06.949{C36AC009-A98E-65EF-6017-000000005403}4396C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007744Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:02:06.196{C36AC009-A98E-65EF-5F17-000000005403}4796C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007743Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:02:05.444{C36AC009-A98D-65EF-5E17-000000005403}4256C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007742Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:02:04.678{C36AC009-A98C-65EF-5D17-000000005403}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007741Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:01:07.716{C36AC009-A953-65EF-5C17-000000005403}2328C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007740Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:01:06.951{C36AC009-A952-65EF-5B17-000000005403}3048C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007739Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:01:06.195{C36AC009-A952-65EF-5A17-000000005403}2308C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007738Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:01:05.445{C36AC009-A951-65EF-5917-000000005403}1184C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007737Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:01:04.679{C36AC009-A950-65EF-5817-000000005403}948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007736Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:00:07.713{C36AC009-A917-65EF-5717-000000005403}4952C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007735Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:00:06.962{C36AC009-A916-65EF-5617-000000005403}2728C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007734Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:00:06.208{C36AC009-A916-65EF-5517-000000005403}4648C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007733Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:00:05.439{C36AC009-A915-65EF-5417-000000005403}4912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007732Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 01:00:04.673{C36AC009-A914-65EF-5317-000000005403}3600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007731Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:59:11.808{C36AC009-A8DF-65EF-5217-000000005403}3648C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007730Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:59:11.769{C36AC009-A8DF-65EF-5117-000000005403}2116C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007729Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:59:11.733{C36AC009-A8DF-65EF-5017-000000005403}3520C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007728Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:59:11.669{C36AC009-A8DF-65EF-4E17-000000005403}4864C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007727Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:59:07.696{C36AC009-A8DB-65EF-4D17-000000005403}2076C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007726Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:59:06.942{C36AC009-A8DA-65EF-4C17-000000005403}3576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007725Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:59:06.188{C36AC009-A8DA-65EF-4B17-000000005403}3436C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007724Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:59:05.435{C36AC009-A8D9-65EF-4A17-000000005403}4540C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007723Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:59:04.669{C36AC009-A8D8-65EF-4917-000000005403}92C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007722Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:58:07.703{C36AC009-A89F-65EF-4817-000000005403}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007721Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:58:06.936{C36AC009-A89E-65EF-4717-000000005403}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007720Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:58:06.186{C36AC009-A89E-65EF-4617-000000005403}4472C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007719Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:58:05.431{C36AC009-A89D-65EF-4517-000000005403}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007718Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:58:04.677{C36AC009-A89C-65EF-4417-000000005403}1568C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007717Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:57:07.689{C36AC009-A863-65EF-4317-000000005403}3624C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007716Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:57:06.929{C36AC009-A862-65EF-4217-000000005403}1984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007715Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:57:06.179{C36AC009-A862-65EF-4117-000000005403}5068C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007714Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:57:05.425{C36AC009-A861-65EF-4017-000000005403}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007713Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:57:04.674{C36AC009-A860-65EF-3F17-000000005403}2660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007712Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:56:07.700{C36AC009-A827-65EF-3E17-000000005403}4948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007711Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:56:06.944{C36AC009-A826-65EF-3D17-000000005403}92C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007710Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:56:06.188{C36AC009-A826-65EF-3C17-000000005403}5016C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007709Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:56:05.438{C36AC009-A825-65EF-3B17-000000005403}4916C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007708Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:56:04.677{C36AC009-A824-65EF-3A17-000000005403}3332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007707Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:55:07.580{C36AC009-A7EB-65EF-3917-000000005403}4960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007706Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:55:06.970{C36AC009-A7EA-65EF-3817-000000005403}1964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007705Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:55:06.198{C36AC009-A7EA-65EF-3717-000000005403}1268C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007704Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:55:05.441{C36AC009-A7E9-65EF-3617-000000005403}4468C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007703Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:55:04.676{C36AC009-A7E8-65EF-3517-000000005403}2812C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007702Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:54:11.797{C36AC009-A7B3-65EF-3417-000000005403}1984C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007701Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:54:11.758{C36AC009-A7B3-65EF-3317-000000005403}5068C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007700Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:54:11.721{C36AC009-A7B3-65EF-3217-000000005403}3660C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007699Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:54:11.656{C36AC009-A7B3-65EF-3017-000000005403}4800C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007698Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:54:07.629{C36AC009-A7AF-65EF-2F17-000000005403}2184C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007697Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:54:06.934{C36AC009-A7AE-65EF-2E17-000000005403}4460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007696Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:54:06.184{C36AC009-A7AE-65EF-2D17-000000005403}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007695Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:54:05.426{C36AC009-A7AD-65EF-2C17-000000005403}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007694Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:54:04.669{C36AC009-A7AC-65EF-2B17-000000005403}724C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007693Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:53:07.593{C36AC009-A773-65EF-2A17-000000005403}4336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007692Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:53:06.905{C36AC009-A772-65EF-2917-000000005403}720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007691Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:53:06.147{C36AC009-A772-65EF-2817-000000005403}1036C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007690Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:53:05.405{C36AC009-A771-65EF-2717-000000005403}4840C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007689Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:53:04.655{C36AC009-A770-65EF-2617-000000005403}2344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007688Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:52:07.664{C36AC009-A737-65EF-2517-000000005403}3448C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007687Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:52:06.898{C36AC009-A736-65EF-2417-000000005403}1056C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007686Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:52:06.147{C36AC009-A736-65EF-2317-000000005403}5040C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007685Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:52:05.397{C36AC009-A735-65EF-2217-000000005403}3684C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007684Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:52:04.647{C36AC009-A734-65EF-2117-000000005403}4752C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007683Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:51:07.551{C36AC009-A6FB-65EF-2017-000000005403}3628C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007682Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:51:06.887{C36AC009-A6FA-65EF-1F17-000000005403}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007681Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:51:06.136{C36AC009-A6FA-65EF-1E17-000000005403}2668C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007680Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:51:05.386{C36AC009-A6F9-65EF-1D17-000000005403}3868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007679Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:51:04.636{C36AC009-A6F8-65EF-1C17-000000005403}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007678Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:50:07.603{C36AC009-A6BF-65EF-1B17-000000005403}4324C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007677Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:50:06.836{C36AC009-A6BE-65EF-1A17-000000005403}4464C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007676Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:50:06.085{C36AC009-A6BE-65EF-1917-000000005403}1568C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007675Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:50:05.397{C36AC009-A6BD-65EF-1817-000000005403}4924C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007674Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:50:04.628{C36AC009-A6BC-65EF-1717-000000005403}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007673Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:49:11.785{C36AC009-A687-65EF-1617-000000005403}2476C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007672Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:49:11.745{C36AC009-A687-65EF-1517-000000005403}4344C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007671Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:49:11.709{C36AC009-A687-65EF-1417-000000005403}2496C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007670Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:49:11.644{C36AC009-A687-65EF-1217-000000005403}4688C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007669Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:49:07.665{C36AC009-A683-65EF-1117-000000005403}5084C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007668Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:49:06.900{C36AC009-A682-65EF-1017-000000005403}1996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007667Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:49:06.140{C36AC009-A682-65EF-0F17-000000005403}4644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007666Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:49:05.380{C36AC009-A681-65EF-0E17-000000005403}4504C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007665Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:49:04.614{C36AC009-A680-65EF-0D17-000000005403}3680C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007664Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:48:07.472{C36AC009-A647-65EF-0C17-000000005403}5016C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007663Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:48:06.868{C36AC009-A646-65EF-0B17-000000005403}4380C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007662Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:48:06.107{C36AC009-A646-65EF-0A17-000000005403}2448C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007661Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:48:05.357{C36AC009-A645-65EF-0917-000000005403}4064C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007660Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:48:04.596{C36AC009-A644-65EF-0817-000000005403}1128C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007659Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:47:07.621{C36AC009-A60B-65EF-0717-000000005403}4732C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007658Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:47:06.871{C36AC009-A60A-65EF-0617-000000005403}4756C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007657Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:47:06.100{C36AC009-A60A-65EF-0517-000000005403}4496C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007656Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:47:05.349{C36AC009-A609-65EF-0417-000000005403}4176C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007655Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:47:04.583{C36AC009-A608-65EF-0317-000000005403}4344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007654Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:46:07.477{C36AC009-A5CF-65EF-0217-000000005403}4548C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007653Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:46:06.855{C36AC009-A5CE-65EF-0117-000000005403}3032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007652Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:46:06.093{C36AC009-A5CE-65EF-0017-000000005403}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007651Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:46:05.327{C36AC009-A5CD-65EF-FF16-000000005403}2076C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007650Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:46:04.569{C36AC009-A5CC-65EF-FE16-000000005403}4792C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007649Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:45:07.593{C36AC009-A593-65EF-FD16-000000005403}4924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007648Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:45:06.827{C36AC009-A592-65EF-FC16-000000005403}4764C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007647Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:45:06.065{C36AC009-A592-65EF-FB16-000000005403}2520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007646Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:45:05.302{C36AC009-A591-65EF-FA16-000000005403}2156C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007645Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:45:04.552{C36AC009-A590-65EF-F916-000000005403}4184C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007644Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:44:11.767{C36AC009-A55B-65EF-F816-000000005403}4820C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007643Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:44:11.727{C36AC009-A55B-65EF-F716-000000005403}3784C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007642Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:44:11.692{C36AC009-A55B-65EF-F616-000000005403}4520C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007641Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:44:11.627{C36AC009-A55B-65EF-F416-000000005403}3408C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007640Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:44:07.538{C36AC009-A557-65EF-F316-000000005403}3392C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007639Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:44:06.775{C36AC009-A556-65EF-F216-000000005403}1360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007638Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:44:06.025{C36AC009-A556-65EF-F116-000000005403}600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007637Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:44:05.308{C36AC009-A555-65EF-F016-000000005403}1116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007636Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:44:04.545{C36AC009-A554-65EF-EF16-000000005403}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007635Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:43:07.569{C36AC009-A51B-65EF-EE16-000000005403}304C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007634Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:43:06.806{C36AC009-A51A-65EF-ED16-000000005403}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007633Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:43:06.040{C36AC009-A51A-65EF-EC16-000000005403}4588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007632Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:43:05.279{C36AC009-A519-65EF-EB16-000000005403}1724C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007631Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:43:04.529{C36AC009-A518-65EF-EA16-000000005403}4464C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007630Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:42:07.447{C36AC009-A4DF-65EF-E916-000000005403}3008C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007629Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:42:06.792{C36AC009-A4DE-65EF-E816-000000005403}3624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007628Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:42:06.027{C36AC009-A4DE-65EF-E716-000000005403}3816C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007627Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:42:05.277{C36AC009-A4DD-65EF-E616-000000005403}4956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007626Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:42:04.529{C36AC009-A4DC-65EF-E516-000000005403}4752C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007625Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:41:07.573{C36AC009-A4A3-65EF-E416-000000005403}3236C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007624Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:41:06.809{C36AC009-A4A2-65EF-E316-000000005403}4256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007623Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:41:06.059{C36AC009-A4A2-65EF-E216-000000005403}4352C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007622Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:41:05.294{C36AC009-A4A1-65EF-E116-000000005403}2620C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007621Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:41:04.529{C36AC009-A4A0-65EF-E016-000000005403}4236C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007620Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:40:07.490{C36AC009-A467-65EF-DF16-000000005403}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007619Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:40:06.726{C36AC009-A466-65EF-DE16-000000005403}2520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007618Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:40:05.977{C36AC009-A465-65EF-DD16-000000005403}2216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007617Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:40:05.273{C36AC009-A465-65EF-DC16-000000005403}4480C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007616Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:40:04.523{C36AC009-A464-65EF-DB16-000000005403}2084C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007615Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:39:11.758{C36AC009-A42F-65EF-DA16-000000005403}604C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007614Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:39:11.718{C36AC009-A42F-65EF-D916-000000005403}1008C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007613Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:39:11.683{C36AC009-A42F-65EF-D816-000000005403}764C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007612Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:39:11.619{C36AC009-A42F-65EF-D616-000000005403}4556C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007611Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:39:07.552{C36AC009-A42B-65EF-D516-000000005403}1952C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007610Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:39:06.799{C36AC009-A42A-65EF-D416-000000005403}1868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007609Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:39:06.037{C36AC009-A42A-65EF-D316-000000005403}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007608Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:39:05.272{C36AC009-A429-65EF-D216-000000005403}4436C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007607Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:39:04.522{C36AC009-A428-65EF-D116-000000005403}1116C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007606Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:38:07.556{C36AC009-A3EF-65EF-D016-000000005403}4532C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007605Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:38:06.805{C36AC009-A3EE-65EF-CF16-000000005403}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007604Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:38:06.040{C36AC009-A3EE-65EF-CE16-000000005403}2732C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007603Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:38:05.285{C36AC009-A3ED-65EF-CD16-000000005403}2676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007602Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:38:04.522{C36AC009-A3EC-65EF-CC16-000000005403}2168C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007601Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:37:07.559{C36AC009-A3B3-65EF-CB16-000000005403}5032C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007600Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:37:06.793{C36AC009-A3B2-65EF-CA16-000000005403}4752C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007599Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:37:06.041{C36AC009-A3B2-65EF-C916-000000005403}4928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007598Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:37:05.275{C36AC009-A3B1-65EF-C816-000000005403}3544C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007597Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:37:04.523{C36AC009-A3B0-65EF-C716-000000005403}5064C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007596Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:36:07.407{C36AC009-A377-65EF-C616-000000005403}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007595Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:36:06.808{C36AC009-A376-65EF-C516-000000005403}4208C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007594Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:36:06.042{C36AC009-A376-65EF-C416-000000005403}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007593Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:36:05.277{C36AC009-A375-65EF-C316-000000005403}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007592Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:36:04.524{C36AC009-A374-65EF-C216-000000005403}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007591Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:35:07.543{C36AC009-A33B-65EF-C116-000000005403}1412C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007590Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:35:06.788{C36AC009-A33A-65EF-C016-000000005403}2264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007589Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:35:06.033{C36AC009-A33A-65EF-BF16-000000005403}4300C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007588Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:35:05.267{C36AC009-A339-65EF-BE16-000000005403}4100C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007587Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:35:04.528{C36AC009-A338-65EF-BD16-000000005403}2728C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007586Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:34:11.758{C36AC009-A303-65EF-BC16-000000005403}856C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007585Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:34:11.718{C36AC009-A303-65EF-BB16-000000005403}764C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007584Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:34:11.682{C36AC009-A303-65EF-BA16-000000005403}364C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007583Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:34:11.618{C36AC009-A303-65EF-B816-000000005403}4812C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007582Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:34:07.534{C36AC009-A2FF-65EF-B716-000000005403}1180C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007581Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:34:06.781{C36AC009-A2FE-65EF-B616-000000005403}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007580Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:34:06.026{C36AC009-A2FE-65EF-B516-000000005403}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007579Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:34:05.272{C36AC009-A2FD-65EF-B416-000000005403}4396C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007578Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:34:04.522{C36AC009-A2FC-65EF-B316-000000005403}1140C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007577Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:33:07.511{C36AC009-A2C3-65EF-B216-000000005403}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007576Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:33:06.745{C36AC009-A2C2-65EF-B116-000000005403}3368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007575Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:33:05.990{C36AC009-A2C1-65EF-B016-000000005403}2732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007574Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:33:05.271{C36AC009-A2C1-65EF-AF16-000000005403}2676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007573Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:33:04.517{C36AC009-A2C0-65EF-AE16-000000005403}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007572Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:32:07.470{C36AC009-A287-65EF-AD16-000000005403}3008C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007571Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:32:06.767{C36AC009-A286-65EF-AC16-000000005403}4176C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007570Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:32:06.016{C36AC009-A286-65EF-AB16-000000005403}4852C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007569Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:32:05.266{C36AC009-A285-65EF-AA16-000000005403}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007568Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:32:04.516{C36AC009-A284-65EF-A916-000000005403}2632C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007567Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:31:07.553{C36AC009-A24B-65EF-A816-000000005403}4396C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007566Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:31:06.797{C36AC009-A24A-65EF-A716-000000005403}3460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007565Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:31:06.035{C36AC009-A24A-65EF-A616-000000005403}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007564Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:31:05.269{C36AC009-A249-65EF-A516-000000005403}4548C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007563Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:31:04.514{C36AC009-A248-65EF-A416-000000005403}300C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007562Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:30:07.366{C36AC009-A20F-65EF-A316-000000005403}2168C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007561Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:30:06.757{C36AC009-A20E-65EF-A216-000000005403}4144C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007560Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:30:06.010{C36AC009-A20E-65EF-A116-000000005403}2188C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007559Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:30:05.254{C36AC009-A20D-65EF-A016-000000005403}2164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007558Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:30:04.504{C36AC009-A20C-65EF-9F16-000000005403}3404C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007557Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:29:11.742{C36AC009-A1D7-65EF-9E16-000000005403}4720C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007556Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:29:11.702{C36AC009-A1D7-65EF-9D16-000000005403}5032C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007555Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:29:11.667{C36AC009-A1D7-65EF-9C16-000000005403}4752C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007554Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:29:11.602{C36AC009-A1D7-65EF-9A16-000000005403}3004C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007553Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:29:07.376{C36AC009-A1D3-65EF-9916-000000005403}1008C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007552Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:29:06.750{C36AC009-A1D2-65EF-9816-000000005403}3816C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007551Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:29:06.000{C36AC009-A1D2-65EF-9716-000000005403}4744C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007550Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:29:05.259{C36AC009-A1D1-65EF-9616-000000005403}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007549Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:29:04.510{C36AC009-A1D0-65EF-9516-000000005403}3372C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007548Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:28:07.513{C36AC009-A197-65EF-9416-000000005403}4792C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007547Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:28:06.750{C36AC009-A196-65EF-9316-000000005403}2884C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007546Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:28:06.000{C36AC009-A196-65EF-9216-000000005403}1956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007545Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:28:05.250{C36AC009-A195-65EF-9116-000000005403}2344C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007544Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:28:04.500{C36AC009-A194-65EF-9016-000000005403}5072C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007543Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:27:07.450{C36AC009-A15B-65EF-8F16-000000005403}5008C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007542Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:27:06.756{C36AC009-A15A-65EF-8E16-000000005403}1004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007541Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:27:06.005{C36AC009-A15A-65EF-8D16-000000005403}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007540Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:27:05.257{C36AC009-A159-65EF-8C16-000000005403}1176C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007539Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:27:04.496{C36AC009-A158-65EF-8B16-000000005403}4640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007538Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:26:07.385{C36AC009-A11F-65EF-8A16-000000005403}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007537Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:26:06.611{C36AC009-A11E-65EF-8916-000000005403}1996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007536Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:26:05.853{C36AC009-A11D-65EF-8816-000000005403}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007535Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:26:05.243{C36AC009-A11D-65EF-8716-000000005403}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007534Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:26:04.493{C36AC009-A11C-65EF-8616-000000005403}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007533Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:25:07.387{C36AC009-A0E3-65EF-8516-000000005403}2976C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007532Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:25:06.762{C36AC009-A0E2-65EF-8416-000000005403}4788C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007531Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:25:06.003{C36AC009-A0E2-65EF-8316-000000005403}2100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007530Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:25:05.253{C36AC009-A0E1-65EF-8216-000000005403}400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007529Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:25:04.487{C36AC009-A0E0-65EF-8116-000000005403}1724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007528Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:24:11.730{C36AC009-A0AB-65EF-8016-000000005403}4356C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007527Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:24:11.690{C36AC009-A0AB-65EF-7F16-000000005403}2808C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007526Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:24:11.654{C36AC009-A0AB-65EF-7E16-000000005403}4616C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007525Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:24:11.589{C36AC009-A0AB-65EF-7C16-000000005403}4940C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007524Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:24:07.396{C36AC009-A0A7-65EF-7B16-000000005403}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007523Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:24:06.752{C36AC009-A0A6-65EF-7A16-000000005403}4660C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007522Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:24:05.986{C36AC009-A0A5-65EF-7916-000000005403}4136C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007521Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:24:05.227{C36AC009-A0A5-65EF-7816-000000005403}2172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007520Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:24:04.473{C36AC009-A0A4-65EF-7716-000000005403}5084C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007519Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:23:07.356{C36AC009-A06B-65EF-7616-000000005403}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007518Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:23:06.715{C36AC009-A06A-65EF-7516-000000005403}528C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007517Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:23:05.965{C36AC009-A069-65EF-7416-000000005403}3236C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007516Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:23:05.225{C36AC009-A069-65EF-7316-000000005403}4352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007515Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:23:04.475{C36AC009-A068-65EF-7216-000000005403}4208C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007514Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:22:07.353{C36AC009-A02F-65EF-7116-000000005403}4420C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007513Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:22:06.727{C36AC009-A02E-65EF-7016-000000005403}2424C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007512Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:22:05.977{C36AC009-A02D-65EF-6F16-000000005403}3492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007511Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:22:05.202{C36AC009-A02D-65EF-6E16-000000005403}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007510Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:22:04.451{C36AC009-A02C-65EF-6D16-000000005403}1604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007509Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:21:07.487{C36AC009-9FF3-65EF-6C16-000000005403}1120C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007508Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:21:06.725{C36AC009-9FF2-65EF-6B16-000000005403}4820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007507Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:21:05.964{C36AC009-9FF1-65EF-6A16-000000005403}604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007506Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:21:05.198{C36AC009-9FF1-65EF-6916-000000005403}1264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007505Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:21:04.436{C36AC009-9FF0-65EF-6816-000000005403}1540C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007504Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:20:07.275{C36AC009-9FB7-65EF-6716-000000005403}592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007503Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:20:06.514{C36AC009-9FB6-65EF-6616-000000005403}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007502Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:20:05.764{C36AC009-9FB5-65EF-6516-000000005403}4432C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007501Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:20:05.174{C36AC009-9FB5-65EF-6416-000000005403}3132C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007500Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:20:04.427{C36AC009-9FB4-65EF-6316-000000005403}4824C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007499Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:19:11.715{C36AC009-9F7F-65EF-6216-000000005403}4184C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007498Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:19:11.676{C36AC009-9F7F-65EF-6116-000000005403}4492C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007497Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:19:11.640{C36AC009-9F7F-65EF-6016-000000005403}3556C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007496Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:19:11.576{C36AC009-9F7F-65EF-5E16-000000005403}2948C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007495Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:19:07.454{C36AC009-9F7B-65EF-5D16-000000005403}2152C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007494Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:19:06.693{C36AC009-9F7A-65EF-5C16-000000005403}4388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007493Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:19:05.931{C36AC009-9F79-65EF-5B16-000000005403}4356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007492Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:19:05.168{C36AC009-9F79-65EF-5A16-000000005403}4640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007491Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:19:04.403{C36AC009-9F78-65EF-5916-000000005403}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007490Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:18:07.337{C36AC009-9F3F-65EF-5816-000000005403}3424C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007489Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:18:06.573{C36AC009-9F3E-65EF-5716-000000005403}4812C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007488Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:18:05.811{C36AC009-9F3D-65EF-5616-000000005403}1960C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007487Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:18:05.154{C36AC009-9F3D-65EF-5516-000000005403}3680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007486Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:18:04.391{C36AC009-9F3C-65EF-5416-000000005403}4336C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007485Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:17:07.284{C36AC009-9F03-65EF-5316-000000005403}3368C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007484Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:17:06.641{C36AC009-9F02-65EF-5216-000000005403}2676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007483Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:17:05.885{C36AC009-9F01-65EF-5116-000000005403}1724C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007482Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:17:05.135{C36AC009-9F01-65EF-5016-000000005403}1500C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007481Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:17:04.371{C36AC009-9F00-65EF-4F16-000000005403}4308C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007480Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:16:07.280{C36AC009-9EC7-65EF-4E16-000000005403}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007479Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:16:06.640{C36AC009-9EC6-65EF-4D16-000000005403}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007478Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:16:05.881{C36AC009-9EC5-65EF-4C16-000000005403}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007477Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:16:05.131{C36AC009-9EC5-65EF-4B16-000000005403}2888C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007476Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:16:04.367{C36AC009-9EC4-65EF-4A16-000000005403}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007475Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:15:07.325{C36AC009-9E8B-65EF-4916-000000005403}4440C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007474Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:15:06.637{C36AC009-9E8A-65EF-4816-000000005403}4180C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007473Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:15:05.871{C36AC009-9E89-65EF-4716-000000005403}3052C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007472Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:15:05.121{C36AC009-9E89-65EF-4616-000000005403}3520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007471Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:15:04.356{C36AC009-9E88-65EF-4516-000000005403}3104C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007470Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:14:11.703{C36AC009-9E53-65EF-4416-000000005403}3540C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007469Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:14:11.665{C36AC009-9E53-65EF-4316-000000005403}1976C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007468Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:14:11.629{C36AC009-9E53-65EF-4216-000000005403}3360C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007467Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:14:11.564{C36AC009-9E53-65EF-4016-000000005403}4348C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007466Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:14:07.229{C36AC009-9E4F-65EF-3F16-000000005403}3060C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007465Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:14:06.479{C36AC009-9E4E-65EF-3E16-000000005403}924C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007464Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:14:05.714{C36AC009-9E4D-65EF-3D16-000000005403}2216C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007463Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:14:05.097{C36AC009-9E4D-65EF-3C16-000000005403}4504C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007462Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:14:04.347{C36AC009-9E4C-65EF-3B16-000000005403}1504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007461Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:13:07.378{C36AC009-9E13-65EF-3A16-000000005403}1132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007460Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:13:06.611{C36AC009-9E12-65EF-3916-000000005403}3408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007459Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:13:05.860{C36AC009-9E11-65EF-3816-000000005403}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007458Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:13:05.118{C36AC009-9E11-65EF-3716-000000005403}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007457Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:13:04.351{C36AC009-9E10-65EF-3616-000000005403}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007456Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:12:07.225{C36AC009-9DD7-65EF-3516-000000005403}4888C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007455Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:12:06.475{C36AC009-9DD6-65EF-3416-000000005403}368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007454Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:12:05.725{C36AC009-9DD5-65EF-3316-000000005403}2732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007453Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:12:05.101{C36AC009-9DD5-65EF-3216-000000005403}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007452Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:12:04.351{C36AC009-9DD4-65EF-3116-000000005403}3100C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007451Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:11:07.367{C36AC009-9D9B-65EF-3016-000000005403}1272C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007450Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:11:06.602{C36AC009-9D9A-65EF-2F16-000000005403}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007449Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:11:05.850{C36AC009-9D99-65EF-2E16-000000005403}3032C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007448Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:11:05.099{C36AC009-9D99-65EF-2D16-000000005403}3956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007447Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:11:04.347{C36AC009-9D98-65EF-2C16-000000005403}4864C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007446Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:10:07.377{C36AC009-9D5F-65EF-2B16-000000005403}5088C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007445Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:10:06.611{C36AC009-9D5E-65EF-2A16-000000005403}2896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007444Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:10:05.858{C36AC009-9D5D-65EF-2916-000000005403}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007443Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:10:05.107{C36AC009-9D5D-65EF-2816-000000005403}5072C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007442Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:10:04.342{C36AC009-9D5C-65EF-2716-000000005403}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007441Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:09:31.206{C36AC009-9D3B-65EF-2616-000000005403}4800C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.6700_none_7edb674a220f1eb8\TiWorker.exe10.0.14393.6700 (rs1_release.240108-1824)Windows Modules Installer WorkerMicrosoft® Windows® Operating SystemMicrosoft CorporationTiWorker.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.6700_none_7edb674a220f1eb8\TiWorker.exe -EmbeddingC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=46F4D66DA6DB12EC26A1CE860BD83208,SHA256=5E77061356B88BB2D661D66CB343A36ABF00D4E50F4A78DC6943046486B630ED,IMPHASH=38FF53C1CCC1EE4C508C0F83A88C4E19{C36AC009-F3EE-65EE-0C00-000000005403}868C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x80000000000000007440Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:09:31.193{C36AC009-9D3B-65EF-2516-000000005403}4372C:\Windows\servicing\TrustedInstaller.exe10.0.14393.3564 (rs1_release.200303-1942)Windows Modules InstallerMicrosoft® Windows® Operating SystemMicrosoft CorporationTrustedInstaller.exeC:\Windows\servicing\TrustedInstaller.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=187076E4BC7B2F5FB7D54D1234B3CDEA,SHA256=7AE4CC64E2F0E5C58ABB6542233DA78B9AEAAD22C9D853AB96265EF3FBFEFABE,IMPHASH=648F735E453FC6802BFAECAC5ACA72A4{C36AC009-F3EC-65EE-0A00-000000005403}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x80000000000000007439Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:09:30.949{C36AC009-9D3A-65EF-2416-000000005403}4312C:\Windows\Temp\982C0711-A3A5-4A51-B87C-FFEF56E93936\DismHost.exe10.0.14393.4169 (rs1_release.210107-1130)Dism Host Servicing ProcessMicrosoft® Windows® Operating SystemMicrosoft CorporationDismHost.exeC:\Windows\TEMP\982C0711-A3A5-4A51-B87C-FFEF56E93936\dismhost.exe {15AB6A26-2894-4B77-93DE-2B4EF04FC5E4}C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=A59C22B77871CC18970038B7FA43826F,SHA256=CB84B51713BAD689ABB96560E57A71B276D4B28B1C09C7116EE85F5782A1B144,IMPHASH=734010D3430DBD2CA51B599924FE1424{C36AC009-9D3A-65EF-2316-000000005403}4896C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\system32\wbem\wmiprvse.exe -EmbeddingNT AUTHORITY\SYSTEM 154100x80000000000000007318Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:09:11.695{C36AC009-9D27-65EF-2216-000000005403}5000C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007317Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:09:11.656{C36AC009-9D27-65EF-2116-000000005403}3036C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007316Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:09:11.621{C36AC009-9D27-65EF-2016-000000005403}3900C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007315Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:09:11.556{C36AC009-9D27-65EF-1E16-000000005403}5036C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007314Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:09:07.351{C36AC009-9D23-65EF-1D16-000000005403}4392C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007313Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:09:06.598{C36AC009-9D22-65EF-1C16-000000005403}2504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007312Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:09:05.849{C36AC009-9D21-65EF-1B16-000000005403}880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007311Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:09:05.093{C36AC009-9D21-65EF-1A16-000000005403}4112C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007310Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:09:04.328{C36AC009-9D20-65EF-1916-000000005403}484C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007309Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:08:07.346{C36AC009-9CE7-65EF-1816-000000005403}2896C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007308Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:08:06.596{C36AC009-9CE6-65EF-1716-000000005403}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007307Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:08:05.842{C36AC009-9CE5-65EF-1616-000000005403}4544C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007306Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:08:05.088{C36AC009-9CE5-65EF-1516-000000005403}4788C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007305Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:08:04.312{C36AC009-9CE4-65EF-1416-000000005403}4960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007304Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:07:07.207{C36AC009-9CAB-65EF-1316-000000005403}4752C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007303Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:07:06.551{C36AC009-9CAA-65EF-1216-000000005403}2152C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007302Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:07:05.801{C36AC009-9CA9-65EF-1116-000000005403}4872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007301Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:07:05.042{C36AC009-9CA9-65EF-1016-000000005403}4280C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007300Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:07:04.292{C36AC009-9CA8-65EF-0F16-000000005403}2736C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007299Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:06:07.327{C36AC009-9C6F-65EF-0E16-000000005403}2632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007298Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:06:06.562{C36AC009-9C6E-65EF-0D16-000000005403}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007297Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:06:05.807{C36AC009-9C6D-65EF-0C16-000000005403}4256C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007296Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:06:05.052{C36AC009-9C6D-65EF-0B16-000000005403}136C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007295Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:06:04.286{C36AC009-9C6C-65EF-0A16-000000005403}4500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007294Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:05:06.755{C36AC009-9C32-65EF-0916-000000005403}3060C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007293Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:05:06.130{C36AC009-9C32-65EF-0816-000000005403}1604C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007292Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:05:05.525{C36AC009-9C31-65EF-0716-000000005403}3596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007291Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:05:04.900{C36AC009-9C30-65EF-0616-000000005403}2912C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007290Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:05:04.274{C36AC009-9C30-65EF-0516-000000005403}4556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007289Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:04:11.680{C36AC009-9BFB-65EF-0416-000000005403}4640C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007288Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:04:11.640{C36AC009-9BFB-65EF-0316-000000005403}3636C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007287Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:04:11.606{C36AC009-9BFB-65EF-0216-000000005403}4664C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007286Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:04:11.541{C36AC009-9BFB-65EF-0016-000000005403}4904C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007285Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:04:07.215{C36AC009-9BF7-65EF-FF15-000000005403}4540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007284Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:04:06.465{C36AC009-9BF6-65EF-FE15-000000005403}5032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007283Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:04:05.715{C36AC009-9BF5-65EF-FD15-000000005403}4996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007282Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:04:05.016{C36AC009-9BF5-65EF-FC15-000000005403}3628C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007281Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:04:04.266{C36AC009-9BF4-65EF-FB15-000000005403}840C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007280Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:03:07.180{C36AC009-9BBB-65EF-FA15-000000005403}2272C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007279Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:03:06.424{C36AC009-9BBA-65EF-F915-000000005403}4836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007278Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:03:05.667{C36AC009-9BB9-65EF-F815-000000005403}348C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007277Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:03:05.011{C36AC009-9BB9-65EF-F715-000000005403}2476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007276Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:03:04.270{C36AC009-9BB8-65EF-F615-000000005403}3712C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007275Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:02:07.205{C36AC009-9B7F-65EF-F515-000000005403}1268C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007274Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:02:06.448{C36AC009-9B7E-65EF-F415-000000005403}5000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007273Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:02:05.691{C36AC009-9B7D-65EF-F315-000000005403}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007272Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:02:05.003{C36AC009-9B7D-65EF-F215-000000005403}4812C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007271Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:02:04.246{C36AC009-9B7C-65EF-F115-000000005403}2328C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007270Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:01:07.259{C36AC009-9B43-65EF-F015-000000005403}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007269Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:01:06.494{C36AC009-9B42-65EF-EF15-000000005403}2884C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007268Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:01:05.744{C36AC009-9B41-65EF-EE15-000000005403}2984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007267Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:01:04.994{C36AC009-9B40-65EF-ED15-000000005403}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007266Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:01:04.244{C36AC009-9B40-65EF-EC15-000000005403}4444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007265Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:00:07.222{C36AC009-9B07-65EF-EB15-000000005403}708C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007264Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:00:06.457{C36AC009-9B06-65EF-EA15-000000005403}2908C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007263Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:00:05.692{C36AC009-9B05-65EF-E915-000000005403}4548C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007262Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:00:04.988{C36AC009-9B04-65EF-E815-000000005403}2520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007261Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-12 00:00:04.237{C36AC009-9B04-65EF-E715-000000005403}1020C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007260Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:59:11.654{C36AC009-9ACF-65EF-E415-000000005403}3040C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007259Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:59:11.613{C36AC009-9ACF-65EF-E315-000000005403}3044C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007258Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:59:11.576{C36AC009-9ACF-65EF-E215-000000005403}1500C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007257Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:59:11.511{C36AC009-9ACF-65EF-E015-000000005403}504C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007256Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:59:07.172{C36AC009-9ACB-65EF-DF15-000000005403}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007255Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:59:06.412{C36AC009-9ACA-65EF-DE15-000000005403}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007254Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:59:05.651{C36AC009-9AC9-65EF-DD15-000000005403}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007253Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:59:04.979{C36AC009-9AC8-65EF-DC15-000000005403}2184C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007252Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:59:04.220{C36AC009-9AC8-65EF-DB15-000000005403}1116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007251Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:58:07.095{C36AC009-9A8F-65EF-DA15-000000005403}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007250Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:58:06.501{C36AC009-9A8E-65EF-D915-000000005403}4960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007249Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:58:05.730{C36AC009-9A8D-65EF-D815-000000005403}3988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007248Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:58:04.965{C36AC009-9A8C-65EF-D715-000000005403}2476C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007247Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:58:04.213{C36AC009-9A8C-65EF-D615-000000005403}4724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007246Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:57:07.082{C36AC009-9A53-65EF-D515-000000005403}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007245Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:57:06.493{C36AC009-9A52-65EF-D415-000000005403}2620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007244Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:57:05.727{C36AC009-9A51-65EF-D315-000000005403}1944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007243Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:57:04.967{C36AC009-9A50-65EF-D215-000000005403}2808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007242Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:57:04.203{C36AC009-9A50-65EF-D115-000000005403}4856C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007241Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:56:07.153{C36AC009-9A17-65EF-D015-000000005403}3052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007240Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:56:06.403{C36AC009-9A16-65EF-CF15-000000005403}3476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007239Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:56:05.643{C36AC009-9A15-65EF-CE15-000000005403}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007238Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:56:04.960{C36AC009-9A14-65EF-CD15-000000005403}2336C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007237Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:56:04.210{C36AC009-9A14-65EF-CC15-000000005403}4444C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007236Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:55:07.244{C36AC009-99DB-65EF-CB15-000000005403}4912C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007235Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:55:06.479{C36AC009-99DA-65EF-CA15-000000005403}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007234Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:55:05.722{C36AC009-99D9-65EF-C915-000000005403}2940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007233Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:55:04.956{C36AC009-99D8-65EF-C815-000000005403}2660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007232Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:55:04.206{C36AC009-99D8-65EF-C715-000000005403}4980C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007231Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:54:11.648{C36AC009-99A3-65EF-C615-000000005403}3040C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007230Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:54:11.608{C36AC009-99A3-65EF-C515-000000005403}4304C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007229Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:54:11.572{C36AC009-99A3-65EF-C415-000000005403}4992C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007228Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:54:11.507{C36AC009-99A3-65EF-C215-000000005403}1500C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007227Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:54:07.157{C36AC009-999F-65EF-C115-000000005403}3440C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007226Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:54:06.453{C36AC009-999E-65EF-C015-000000005403}2012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007225Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:54:05.703{C36AC009-999D-65EF-BF15-000000005403}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007224Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:54:04.962{C36AC009-999C-65EF-BE15-000000005403}3392C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007223Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:54:04.210{C36AC009-999C-65EF-BD15-000000005403}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007222Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:53:07.093{C36AC009-9963-65EF-BC15-000000005403}2456C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007221Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:53:06.487{C36AC009-9962-65EF-BB15-000000005403}4712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007220Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:53:05.721{C36AC009-9961-65EF-BA15-000000005403}4836C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007219Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:53:04.971{C36AC009-9960-65EF-B915-000000005403}4624C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007218Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:53:04.212{C36AC009-9960-65EF-B815-000000005403}4660C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007217Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:52:07.070{C36AC009-9927-65EF-B715-000000005403}4652C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007216Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:52:06.460{C36AC009-9926-65EF-B615-000000005403}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007215Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:52:05.697{C36AC009-9925-65EF-B515-000000005403}3036C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007214Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:52:04.949{C36AC009-9924-65EF-B415-000000005403}5056C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007213Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:52:04.199{C36AC009-9924-65EF-B315-000000005403}2328C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007212Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:51:07.184{C36AC009-98EB-65EF-B215-000000005403}3056C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007211Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:51:06.482{C36AC009-98EA-65EF-B115-000000005403}1756C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007210Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:51:05.717{C36AC009-98E9-65EF-B015-000000005403}3628C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007209Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:51:04.953{C36AC009-98E8-65EF-AF15-000000005403}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007208Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:51:04.189{C36AC009-98E8-65EF-AE15-000000005403}4828C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007207Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:50:07.137{C36AC009-98AF-65EF-AD15-000000005403}4660C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007206Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:50:06.387{C36AC009-98AE-65EF-AC15-000000005403}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007205Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:50:05.623{C36AC009-98AD-65EF-AB15-000000005403}4820C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007204Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:50:04.951{C36AC009-98AC-65EF-AA15-000000005403}4468C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007203Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:50:04.186{C36AC009-98AC-65EF-A915-000000005403}1172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007202Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:49:11.634{C36AC009-9877-65EF-A815-000000005403}1740C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007201Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:49:11.594{C36AC009-9877-65EF-A715-000000005403}4936C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007200Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:49:11.558{C36AC009-9877-65EF-A615-000000005403}5092C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007199Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:49:11.493{C36AC009-9877-65EF-A415-000000005403}3488C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007198Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:49:07.130{C36AC009-9873-65EF-A315-000000005403}3608C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007197Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:49:06.458{C36AC009-9872-65EF-A215-000000005403}4544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007196Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:49:05.708{C36AC009-9871-65EF-A115-000000005403}4272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007195Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:49:04.943{C36AC009-9870-65EF-A015-000000005403}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007194Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:49:04.177{C36AC009-9870-65EF-9F15-000000005403}3696C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007193Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:48:07.183{C36AC009-9837-65EF-9E15-000000005403}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007192Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:48:06.418{C36AC009-9836-65EF-9D15-000000005403}588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007191Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:48:05.663{C36AC009-9835-65EF-9C15-000000005403}4364C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007190Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:48:04.944{C36AC009-9834-65EF-9B15-000000005403}720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007189Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:48:04.178{C36AC009-9834-65EF-9A15-000000005403}4688C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007188Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:47:07.073{C36AC009-97FB-65EF-9915-000000005403}2424C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007187Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:47:06.322{C36AC009-97FA-65EF-9815-000000005403}436C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007186Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:47:05.572{C36AC009-97F9-65EF-9715-000000005403}4868C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007185Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:47:04.900{C36AC009-97F8-65EF-9615-000000005403}216C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007184Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:47:04.149{C36AC009-97F8-65EF-9515-000000005403}3972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007183Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:46:07.091{C36AC009-97BF-65EF-9415-000000005403}4136C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007182Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:46:06.404{C36AC009-97BE-65EF-9315-000000005403}4956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007181Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:46:05.652{C36AC009-97BD-65EF-9215-000000005403}2012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007180Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:46:04.901{C36AC009-97BC-65EF-9115-000000005403}3976C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007179Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:46:04.136{C36AC009-97BC-65EF-9015-000000005403}484C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007178Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:45:06.984{C36AC009-9782-65EF-8F15-000000005403}2272C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007177Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:45:06.218{C36AC009-9782-65EF-8E15-000000005403}348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007176Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:45:05.469{C36AC009-9781-65EF-8D15-000000005403}4512C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007175Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:45:04.873{C36AC009-9780-65EF-8C15-000000005403}4020C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007174Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:45:04.121{C36AC009-9780-65EF-8B15-000000005403}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007173Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:44:11.626{C36AC009-974B-65EF-8A15-000000005403}340C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007172Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:44:11.587{C36AC009-974B-65EF-8915-000000005403}1004C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007171Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:44:11.552{C36AC009-974B-65EF-8815-000000005403}5000C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007170Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:44:11.486{C36AC009-974B-65EF-8615-000000005403}1340C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007169Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:44:06.982{C36AC009-9746-65EF-8515-000000005403}4640C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007168Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:44:06.355{C36AC009-9746-65EF-8415-000000005403}4356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007167Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:44:05.620{C36AC009-9745-65EF-8315-000000005403}5092C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007166Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:44:04.867{C36AC009-9744-65EF-8215-000000005403}2808C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007165Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:44:04.115{C36AC009-9744-65EF-8115-000000005403}3684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007164Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:43:07.118{C36AC009-970B-65EF-8015-000000005403}2040C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007163Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:43:06.368{C36AC009-970A-65EF-7F15-000000005403}4436C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007162Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:43:05.615{C36AC009-9709-65EF-7E15-000000005403}724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007161Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:43:04.861{C36AC009-9708-65EF-7D15-000000005403}528C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007160Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:43:04.108{C36AC009-9708-65EF-7C15-000000005403}4632C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007159Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:42:06.959{C36AC009-96CE-65EF-7B15-000000005403}3404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007158Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:42:06.361{C36AC009-96CE-65EF-7A15-000000005403}4584C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007157Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:42:05.611{C36AC009-96CD-65EF-7915-000000005403}4108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007156Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:42:04.861{C36AC009-96CC-65EF-7815-000000005403}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007155Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:42:04.103{C36AC009-96CC-65EF-7715-000000005403}1568C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007154Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:41:07.053{C36AC009-9693-65EF-7615-000000005403}1956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007153Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:41:06.365{C36AC009-9692-65EF-7515-000000005403}2192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007152Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:41:05.611{C36AC009-9691-65EF-7415-000000005403}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007151Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:41:04.856{C36AC009-9690-65EF-7315-000000005403}3608C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007150Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:41:04.090{C36AC009-9690-65EF-7215-000000005403}4588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007149Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:40:06.926{C36AC009-9656-65EF-7115-000000005403}4244C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007148Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:40:06.176{C36AC009-9656-65EF-7015-000000005403}3236C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007147Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:40:05.422{C36AC009-9655-65EF-6F15-000000005403}4620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007146Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:40:04.827{C36AC009-9654-65EF-6E15-000000005403}4500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007145Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:40:04.073{C36AC009-9654-65EF-6D15-000000005403}4960C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007144Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:39:11.609{C36AC009-961F-65EF-6C15-000000005403}2940C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007143Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:39:11.571{C36AC009-961F-65EF-6B15-000000005403}4768C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007142Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:39:11.536{C36AC009-961F-65EF-6A15-000000005403}4896C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007141Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:39:11.471{C36AC009-961F-65EF-6815-000000005403}1360C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007140Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:39:07.132{C36AC009-961B-65EF-6715-000000005403}2084C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007139Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:39:06.366{C36AC009-961A-65EF-6615-000000005403}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007138Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:39:05.611{C36AC009-9619-65EF-6515-000000005403}4100C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007137Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:39:04.840{C36AC009-9618-65EF-6415-000000005403}5008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007136Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:39:04.069{C36AC009-9618-65EF-6315-000000005403}4652C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007135Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:38:07.072{C36AC009-95DF-65EF-6215-000000005403}1580C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007134Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:38:06.331{C36AC009-95DE-65EF-6115-000000005403}4344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007133Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:38:05.581{C36AC009-95DD-65EF-6015-000000005403}2176C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007132Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:38:04.816{C36AC009-95DC-65EF-5F15-000000005403}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007131Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:38:04.060{C36AC009-95DC-65EF-5E15-000000005403}4196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007130Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:37:07.089{C36AC009-95A3-65EF-5D15-000000005403}4508C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007129Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:37:06.332{C36AC009-95A2-65EF-5C15-000000005403}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007128Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:37:05.576{C36AC009-95A1-65EF-5B15-000000005403}1184C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007127Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:37:04.810{C36AC009-95A0-65EF-5A15-000000005403}4556C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007126Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:37:04.047{C36AC009-95A0-65EF-5915-000000005403}4184C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007125Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:36:06.969{C36AC009-9566-65EF-5815-000000005403}4916C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007124Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:36:06.204{C36AC009-9566-65EF-5715-000000005403}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007123Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:36:05.454{C36AC009-9565-65EF-5615-000000005403}1400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007122Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:36:04.798{C36AC009-9564-65EF-5515-000000005403}4984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007121Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:36:04.033{C36AC009-9564-65EF-5415-000000005403}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007120Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:35:06.884{C36AC009-952A-65EF-5315-000000005403}1036C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007119Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:35:06.274{C36AC009-952A-65EF-5215-000000005403}3668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007118Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:35:05.524{C36AC009-9529-65EF-5115-000000005403}4876C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007117Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:35:04.766{C36AC009-9528-65EF-5015-000000005403}5084C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007116Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:35:04.008{C36AC009-9528-65EF-4F15-000000005403}3700C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007115Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:34:11.610{C36AC009-94F3-65EF-4E15-000000005403}4644C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007114Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:34:11.572{C36AC009-94F3-65EF-4D15-000000005403}2956C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007113Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:34:11.535{C36AC009-94F3-65EF-4C15-000000005403}880C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007112Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:34:11.470{C36AC009-94F3-65EF-4A15-000000005403}4880C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007111Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:34:06.936{C36AC009-94EE-65EF-4915-000000005403}1820C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007110Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:34:06.311{C36AC009-94EE-65EF-4815-000000005403}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007109Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:34:05.545{C36AC009-94ED-65EF-4715-000000005403}3088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007108Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:34:04.778{C36AC009-94EC-65EF-4615-000000005403}3372C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007107Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:34:04.013{C36AC009-94EC-65EF-4515-000000005403}2944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007106Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:33:06.995{C36AC009-94B2-65EF-4415-000000005403}3584C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007105Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:33:06.245{C36AC009-94B2-65EF-4315-000000005403}4828C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007104Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:33:05.495{C36AC009-94B1-65EF-4215-000000005403}2984C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007103Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:33:04.742{C36AC009-94B0-65EF-4115-000000005403}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007102Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:33:03.992{C36AC009-94AF-65EF-4015-000000005403}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007101Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:32:06.945{C36AC009-9476-65EF-3F15-000000005403}4912C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007100Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:32:06.198{C36AC009-9476-65EF-3E15-000000005403}4324C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007099Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:32:05.448{C36AC009-9475-65EF-3D15-000000005403}4600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007098Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:32:04.744{C36AC009-9474-65EF-3C15-000000005403}2520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007097Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:32:03.989{C36AC009-9473-65EF-3B15-000000005403}1000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007096Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:31:06.834{C36AC009-943A-65EF-3A15-000000005403}3412C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007095Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:31:06.084{C36AC009-943A-65EF-3915-000000005403}4984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007094Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:31:05.330{C36AC009-9439-65EF-3815-000000005403}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007093Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:31:04.736{C36AC009-9438-65EF-3715-000000005403}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007092Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:31:03.970{C36AC009-9437-65EF-3615-000000005403}2240C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007091Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:30:06.982{C36AC009-93FE-65EF-3515-000000005403}4960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007090Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:30:06.232{C36AC009-93FE-65EF-3415-000000005403}3544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007089Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:30:05.482{C36AC009-93FD-65EF-3315-000000005403}4568C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007088Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:30:04.726{C36AC009-93FC-65EF-3215-000000005403}4920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007087Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:30:03.960{C36AC009-93FB-65EF-3115-000000005403}3524C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007086Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:29:11.603{C36AC009-93C7-65EF-3015-000000005403}2668C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007085Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:29:11.562{C36AC009-93C7-65EF-2F15-000000005403}3712C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007084Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:29:11.526{C36AC009-93C7-65EF-2E15-000000005403}2168C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007083Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:29:11.461{C36AC009-93C7-65EF-2C15-000000005403}4676C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007082Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:29:07.002{C36AC009-93C3-65EF-2B15-000000005403}4848C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007081Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:29:06.240{C36AC009-93C2-65EF-2A15-000000005403}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007080Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:29:05.475{C36AC009-93C1-65EF-2915-000000005403}308C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007079Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:29:04.713{C36AC009-93C0-65EF-2815-000000005403}3972C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007078Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:29:03.952{C36AC009-93BF-65EF-2715-000000005403}4672C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007077Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:28:06.951{C36AC009-9386-65EF-2615-000000005403}4828C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007076Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:28:06.201{C36AC009-9386-65EF-2515-000000005403}528C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007075Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:28:05.456{C36AC009-9385-65EF-2415-000000005403}2076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007074Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:28:04.708{C36AC009-9384-65EF-2315-000000005403}4620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007073Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:28:03.942{C36AC009-9383-65EF-2215-000000005403}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007072Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:27:06.985{C36AC009-934A-65EF-2115-000000005403}4840C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007071Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:27:06.235{C36AC009-934A-65EF-2015-000000005403}4644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007070Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:27:05.470{C36AC009-9349-65EF-1F15-000000005403}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007069Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:27:04.707{C36AC009-9348-65EF-1E15-000000005403}1016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007068Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:27:03.944{C36AC009-9347-65EF-1D15-000000005403}4212C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007067Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:26:06.979{C36AC009-930E-65EF-1C15-000000005403}3576C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007066Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:26:06.231{C36AC009-930E-65EF-1B15-000000005403}2328C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007065Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:26:05.468{C36AC009-930D-65EF-1A15-000000005403}1956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007064Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:26:04.702{C36AC009-930C-65EF-1915-000000005403}1272C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007063Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:26:03.939{C36AC009-930B-65EF-1815-000000005403}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007062Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:25:07.000{C36AC009-92D3-65EF-1715-000000005403}3332C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007061Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:25:06.236{C36AC009-92D2-65EF-1615-000000005403}4920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007060Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:25:05.470{C36AC009-92D1-65EF-1515-000000005403}2200C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007059Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:25:04.706{C36AC009-92D0-65EF-1415-000000005403}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007058Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:25:03.942{C36AC009-92CF-65EF-1315-000000005403}4348C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007057Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:24:11.584{C36AC009-929B-65EF-1215-000000005403}4108C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007056Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:24:11.546{C36AC009-929B-65EF-1115-000000005403}4332C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007055Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:24:11.510{C36AC009-929B-65EF-1015-000000005403}4492C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007054Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:24:11.445{C36AC009-929B-65EF-0E15-000000005403}4868C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007053Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:24:06.891{C36AC009-9296-65EF-0D15-000000005403}2728C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007052Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:24:06.127{C36AC009-9296-65EF-0C15-000000005403}4628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007051Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:24:05.363{C36AC009-9295-65EF-0B15-000000005403}4916C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007050Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:24:04.722{C36AC009-9294-65EF-0A15-000000005403}3452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007049Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:24:03.958{C36AC009-9293-65EF-0915-000000005403}1476C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007048Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:23:06.955{C36AC009-925A-65EF-0815-000000005403}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007047Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:23:06.205{C36AC009-925A-65EF-0715-000000005403}2268C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007046Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:23:05.440{C36AC009-9259-65EF-0615-000000005403}4616C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007045Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:23:04.705{C36AC009-9258-65EF-0515-000000005403}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007044Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:23:03.941{C36AC009-9257-65EF-0415-000000005403}4444C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007043Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:22:06.824{C36AC009-921E-65EF-0315-000000005403}3492C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007042Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:22:06.074{C36AC009-921E-65EF-0215-000000005403}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007041Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:22:05.325{C36AC009-921D-65EF-0115-000000005403}4752C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007040Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:22:04.684{C36AC009-921C-65EF-0015-000000005403}5112C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007039Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:22:03.918{C36AC009-921B-65EF-FF14-000000005403}2492C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007038Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:21:06.900{C36AC009-91E2-65EF-FE14-000000005403}2388C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007037Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:21:06.149{C36AC009-91E2-65EF-FD14-000000005403}3576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007036Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:21:05.398{C36AC009-91E1-65EF-FC14-000000005403}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007035Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:21:04.648{C36AC009-91E0-65EF-FB14-000000005403}4432C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007034Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:21:03.897{C36AC009-91DF-65EF-FA14-000000005403}4948C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007033Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:20:06.792{C36AC009-91A6-65EF-F914-000000005403}2100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007032Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:20:06.151{C36AC009-91A6-65EF-F814-000000005403}5016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007031Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:20:05.401{C36AC009-91A5-65EF-F714-000000005403}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007030Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:20:04.649{C36AC009-91A4-65EF-F614-000000005403}3876C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007029Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:20:03.883{C36AC009-91A3-65EF-F514-000000005403}1996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007028Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:19:11.574{C36AC009-916F-65EF-F414-000000005403}4424C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007027Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:19:11.534{C36AC009-916F-65EF-F314-000000005403}4436C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007026Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:19:11.498{C36AC009-916F-65EF-F214-000000005403}1360C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007025Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:19:11.433{C36AC009-916F-65EF-F014-000000005403}3348C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000007024Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:19:06.744{C36AC009-916A-65EF-EF14-000000005403}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007023Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:19:06.134{C36AC009-916A-65EF-EE14-000000005403}2084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007022Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:19:05.382{C36AC009-9169-65EF-ED14-000000005403}4168C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007021Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:19:04.630{C36AC009-9168-65EF-EC14-000000005403}216C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007020Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:19:03.880{C36AC009-9167-65EF-EB14-000000005403}2944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007019Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:18:06.724{C36AC009-912E-65EF-EA14-000000005403}1180C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007018Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:18:06.128{C36AC009-912E-65EF-E914-000000005403}4728C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007017Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:18:05.378{C36AC009-912D-65EF-E814-000000005403}4400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007016Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:18:04.623{C36AC009-912C-65EF-E714-000000005403}4632C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007015Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:18:03.873{C36AC009-912B-65EF-E614-000000005403}4616C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007014Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:17:06.798{C36AC009-90F2-65EF-E514-000000005403}892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007013Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:17:06.042{C36AC009-90F2-65EF-E414-000000005403}1568C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007012Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:17:05.275{C36AC009-90F1-65EF-E314-000000005403}664C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007011Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:17:04.629{C36AC009-90F0-65EF-E214-000000005403}1724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007010Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:17:03.876{C36AC009-90EF-65EF-E114-000000005403}3956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007009Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:16:06.738{C36AC009-90B6-65EF-E014-000000005403}3292C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007008Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:16:06.137{C36AC009-90B6-65EF-DF14-000000005403}1400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007007Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:16:05.383{C36AC009-90B5-65EF-DE14-000000005403}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007006Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:16:04.617{C36AC009-90B4-65EF-DD14-000000005403}1796C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007005Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:16:03.864{C36AC009-90B3-65EF-DC14-000000005403}2736C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007004Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:15:06.856{C36AC009-907A-65EF-DB14-000000005403}3768C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007003Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:15:06.102{C36AC009-907A-65EF-DA14-000000005403}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007002Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:15:05.363{C36AC009-9079-65EF-D914-000000005403}2900C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007001Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:15:04.609{C36AC009-9078-65EF-D814-000000005403}1580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000007000Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:15:03.859{C36AC009-9077-65EF-D714-000000005403}4920C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006999Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:14:11.563{C36AC009-9043-65EF-D614-000000005403}4316C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006998Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:14:11.523{C36AC009-9043-65EF-D514-000000005403}2892C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006997Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:14:11.487{C36AC009-9043-65EF-D414-000000005403}4424C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006996Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:14:11.422{C36AC009-9043-65EF-D214-000000005403}4436C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006995Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:14:06.816{C36AC009-903E-65EF-D114-000000005403}3408C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006994Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:14:06.062{C36AC009-903E-65EF-D014-000000005403}4492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006993Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:14:05.307{C36AC009-903D-65EF-CF14-000000005403}1020C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006992Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:14:04.619{C36AC009-903C-65EF-CE14-000000005403}4848C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006991Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:14:03.860{C36AC009-903B-65EF-CD14-000000005403}4736C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006990Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:13:06.899{C36AC009-9002-65EF-CC14-000000005403}948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006989Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:13:06.133{C36AC009-9002-65EF-CB14-000000005403}4940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006988Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:13:05.371{C36AC009-9001-65EF-CA14-000000005403}4256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006987Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:13:04.615{C36AC009-9000-65EF-C914-000000005403}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006986Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:13:03.849{C36AC009-8FFF-65EF-C814-000000005403}4704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006985Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:12:06.858{C36AC009-8FC6-65EF-C714-000000005403}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006984Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:12:06.101{C36AC009-8FC6-65EF-C614-000000005403}4448C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006983Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:12:05.361{C36AC009-8FC5-65EF-C514-000000005403}4716C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006982Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:12:04.604{C36AC009-8FC4-65EF-C414-000000005403}4768C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006981Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:12:03.848{C36AC009-8FC3-65EF-C314-000000005403}2668C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006980Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:11:06.867{C36AC009-8F8A-65EF-C214-000000005403}3448C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006979Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:11:06.110{C36AC009-8F8A-65EF-C114-000000005403}5020C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006978Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:11:05.354{C36AC009-8F89-65EF-C014-000000005403}2944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006977Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:11:04.596{C36AC009-8F88-65EF-BF14-000000005403}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006976Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:11:03.839{C36AC009-8F87-65EF-BE14-000000005403}3696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006975Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:10:06.825{C36AC009-8F4E-65EF-BD14-000000005403}4296C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006974Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:10:06.083{C36AC009-8F4E-65EF-BC14-000000005403}3740C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006973Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:10:05.333{C36AC009-8F4D-65EF-BB14-000000005403}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006972Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:10:04.578{C36AC009-8F4C-65EF-BA14-000000005403}4444C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006971Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:10:03.820{C36AC009-8F4B-65EF-B914-000000005403}4060C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006970Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:09:11.560{C36AC009-8F17-65EF-B814-000000005403}2912C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006969Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:09:11.520{C36AC009-8F17-65EF-B714-000000005403}3264C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006968Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:09:11.485{C36AC009-8F17-65EF-B614-000000005403}1484C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006967Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:09:11.420{C36AC009-8F17-65EF-B414-000000005403}5112C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006966Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:09:06.709{C36AC009-8F12-65EF-B314-000000005403}600C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006965Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:09:05.943{C36AC009-8F11-65EF-B214-000000005403}4440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006964Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:09:05.194{C36AC009-8F11-65EF-B114-000000005403}4540C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006963Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:09:04.584{C36AC009-8F10-65EF-B014-000000005403}1360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006962Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:09:03.827{C36AC009-8F0F-65EF-AF14-000000005403}4332C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006961Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:08:06.829{C36AC009-8ED6-65EF-AE14-000000005403}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006960Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:08:06.063{C36AC009-8ED6-65EF-AD14-000000005403}1008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006959Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:08:05.298{C36AC009-8ED5-65EF-AC14-000000005403}300C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006958Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:08:04.570{C36AC009-8ED4-65EF-AB14-000000005403}4588C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006957Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:08:03.819{C36AC009-8ED3-65EF-AA14-000000005403}3656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006956Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:07:06.787{C36AC009-8E9A-65EF-A914-000000005403}304C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006955Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:07:06.090{C36AC009-8E9A-65EF-A814-000000005403}184C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006954Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:07:05.331{C36AC009-8E99-65EF-A714-000000005403}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006953Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:07:04.566{C36AC009-8E98-65EF-A614-000000005403}2908C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006952Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:07:03.813{C36AC009-8E97-65EF-A514-000000005403}4716C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006951Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:06:06.711{C36AC009-8E5E-65EF-A414-000000005403}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006950Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:06:06.086{C36AC009-8E5E-65EF-A314-000000005403}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006949Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:06:05.335{C36AC009-8E5D-65EF-A214-000000005403}1020C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006948Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:06:04.569{C36AC009-8E5C-65EF-A114-000000005403}4168C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006947Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:06:03.804{C36AC009-8E5B-65EF-A014-000000005403}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006946Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:05:06.824{C36AC009-8E22-65EF-9F14-000000005403}4940C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006945Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:05:06.074{C36AC009-8E22-65EF-9E14-000000005403}3816C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006944Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:05:05.308{C36AC009-8E21-65EF-9D14-000000005403}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006943Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:05:04.553{C36AC009-8E20-65EF-9C14-000000005403}3668C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006942Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:05:03.787{C36AC009-8E1F-65EF-9B14-000000005403}4196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006941Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:04:11.564{C36AC009-8DEB-65EF-9A14-000000005403}2816C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006940Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:04:11.524{C36AC009-8DEB-65EF-9914-000000005403}3152C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006939Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:04:11.489{C36AC009-8DEB-65EF-9814-000000005403}3332C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006938Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:04:11.424{C36AC009-8DEB-65EF-9614-000000005403}2908C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006937Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:04:06.672{C36AC009-8DE6-65EF-9514-000000005403}2912C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006936Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:04:06.046{C36AC009-8DE6-65EF-9414-000000005403}2668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006935Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:04:05.282{C36AC009-8DE5-65EF-9314-000000005403}1948C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006934Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:04:04.532{C36AC009-8DE4-65EF-9214-000000005403}1984C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006933Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:04:03.782{C36AC009-8DE3-65EF-9114-000000005403}3956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006932Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:03:06.675{C36AC009-8DAA-65EF-9014-000000005403}5052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006931Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:03:06.076{C36AC009-8DAA-65EF-8F14-000000005403}944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006930Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:03:05.310{C36AC009-8DA9-65EF-8E14-000000005403}2884C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006929Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:03:04.548{C36AC009-8DA8-65EF-8D14-000000005403}3576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006928Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:03:03.786{C36AC009-8DA7-65EF-8C14-000000005403}688C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006927Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:02:06.709{C36AC009-8D6E-65EF-8B14-000000005403}504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006926Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:02:06.033{C36AC009-8D6E-65EF-8A14-000000005403}4060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006925Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:02:05.283{C36AC009-8D6D-65EF-8914-000000005403}2056C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006924Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:02:04.521{C36AC009-8D6C-65EF-8814-000000005403}3864C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006923Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:02:03.774{C36AC009-8D6B-65EF-8714-000000005403}3100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006922Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:01:06.820{C36AC009-8D32-65EF-8614-000000005403}3988C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006921Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:01:06.065{C36AC009-8D32-65EF-8514-000000005403}1948C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006920Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:01:05.299{C36AC009-8D31-65EF-8414-000000005403}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006919Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:01:04.537{C36AC009-8D30-65EF-8314-000000005403}4180C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006918Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:01:03.774{C36AC009-8D2F-65EF-8214-000000005403}3484C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006917Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:00:06.722{C36AC009-8CF6-65EF-8114-000000005403}3292C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006916Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:00:06.038{C36AC009-8CF6-65EF-8014-000000005403}2884C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006915Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:00:05.275{C36AC009-8CF5-65EF-7F14-000000005403}2736C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006914Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:00:04.528{C36AC009-8CF4-65EF-7E14-000000005403}4496C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006913Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 23:00:03.762{C36AC009-8CF3-65EF-7D14-000000005403}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006912Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:59:11.556{C36AC009-8CBF-65EF-7C14-000000005403}3900C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006911Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:59:11.516{C36AC009-8CBF-65EF-7B14-000000005403}2896C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006910Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:59:11.479{C36AC009-8CBF-65EF-7A14-000000005403}708C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006909Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:59:11.415{C36AC009-8CBF-65EF-7814-000000005403}5016C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006908Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:59:06.801{C36AC009-8CBA-65EF-7714-000000005403}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006907Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:59:06.037{C36AC009-8CBA-65EF-7614-000000005403}696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006906Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:59:05.277{C36AC009-8CB9-65EF-7514-000000005403}4996C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006905Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:59:04.513{C36AC009-8CB8-65EF-7414-000000005403}1976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006904Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:59:03.749{C36AC009-8CB7-65EF-7314-000000005403}2236C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006903Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:58:06.621{C36AC009-8C7E-65EF-7214-000000005403}3356C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006902Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:58:05.856{C36AC009-8C7D-65EF-7114-000000005403}4780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006901Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:58:05.100{C36AC009-8C7D-65EF-7014-000000005403}4628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006900Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:58:04.490{C36AC009-8C7C-65EF-6F14-000000005403}328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006899Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:58:03.740{C36AC009-8C7B-65EF-6E14-000000005403}4524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006898Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:57:06.639{C36AC009-8C42-65EF-6D14-000000005403}720C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006897Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:57:05.877{C36AC009-8C41-65EF-6C14-000000005403}5040C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006896Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:57:05.104{C36AC009-8C41-65EF-6B14-000000005403}4568C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006895Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:57:04.494{C36AC009-8C40-65EF-6A14-000000005403}4472C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006894Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:57:03.729{C36AC009-8C3F-65EF-6914-000000005403}4244C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006893Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:56:06.746{C36AC009-8C06-65EF-6814-000000005403}4348C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006892Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:56:05.996{C36AC009-8C05-65EF-6714-000000005403}3032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006891Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:56:05.245{C36AC009-8C05-65EF-6614-000000005403}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006890Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:56:04.482{C36AC009-8C04-65EF-6514-000000005403}4624C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006889Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:56:03.716{C36AC009-8C03-65EF-6414-000000005403}4552C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006888Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:55:06.649{C36AC009-8BCA-65EF-6314-000000005403}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006887Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:55:05.898{C36AC009-8BC9-65EF-6214-000000005403}4588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006886Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:55:05.133{C36AC009-8BC9-65EF-6114-000000005403}3116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006885Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:55:04.462{C36AC009-8BC8-65EF-6014-000000005403}4940C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006884Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:55:03.711{C36AC009-8BC7-65EF-5F14-000000005403}308C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006883Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:54:11.553{C36AC009-8B93-65EF-5E14-000000005403}4136C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006882Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:54:11.515{C36AC009-8B93-65EF-5D14-000000005403}3524C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006881Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:54:11.479{C36AC009-8B93-65EF-5C14-000000005403}3868C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006880Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:54:11.415{C36AC009-8B93-65EF-5A14-000000005403}3860C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006879Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:54:06.683{C36AC009-8B8E-65EF-5914-000000005403}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006878Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:54:05.931{C36AC009-8B8D-65EF-5814-000000005403}3352C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006877Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:54:05.164{C36AC009-8B8D-65EF-5714-000000005403}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006876Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:54:04.452{C36AC009-8B8C-65EF-5614-000000005403}5064C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006875Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:54:03.698{C36AC009-8B8B-65EF-5514-000000005403}3492C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006874Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:53:06.702{C36AC009-8B52-65EF-5414-000000005403}368C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006873Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:53:05.937{C36AC009-8B51-65EF-5314-000000005403}2736C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006872Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:53:05.185{C36AC009-8B51-65EF-5214-000000005403}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006871Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:53:04.465{C36AC009-8B50-65EF-5114-000000005403}5020C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006870Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:53:03.702{C36AC009-8B4F-65EF-5014-000000005403}3624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006869Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:52:06.598{C36AC009-8B16-65EF-4F14-000000005403}4620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006868Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:52:05.846{C36AC009-8B15-65EF-4E14-000000005403}4772C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006867Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:52:05.094{C36AC009-8B15-65EF-4D14-000000005403}2676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006866Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:52:04.453{C36AC009-8B14-65EF-4C14-000000005403}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006865Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:52:03.706{C36AC009-8B13-65EF-4B14-000000005403}2620C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006864Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:51:06.579{C36AC009-8ADA-65EF-4A14-000000005403}2988C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006863Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:51:05.814{C36AC009-8AD9-65EF-4914-000000005403}2348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006862Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:51:05.061{C36AC009-8AD9-65EF-4814-000000005403}5112C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006861Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:51:04.464{C36AC009-8AD8-65EF-4714-000000005403}3844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006860Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:51:03.696{C36AC009-8AD7-65EF-4614-000000005403}3120C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006859Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:50:06.706{C36AC009-8A9E-65EF-4514-000000005403}1540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006858Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:50:05.952{C36AC009-8A9D-65EF-4414-000000005403}2172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006857Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:50:05.202{C36AC009-8A9D-65EF-4314-000000005403}3816C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006856Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:50:04.444{C36AC009-8A9C-65EF-4214-000000005403}1036C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006855Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:50:03.694{C36AC009-8A9B-65EF-4114-000000005403}3484C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006854Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:49:11.541{C36AC009-8A67-65EF-4014-000000005403}2080C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006853Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:49:11.502{C36AC009-8A67-65EF-3F14-000000005403}1976C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006852Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:49:11.466{C36AC009-8A67-65EF-3E14-000000005403}4556C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006851Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:49:11.401{C36AC009-8A67-65EF-3C14-000000005403}296C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006850Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:49:06.659{C36AC009-8A62-65EF-3B14-000000005403}1120C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006849Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:49:05.955{C36AC009-8A61-65EF-3A14-000000005403}3600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006848Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:49:05.196{C36AC009-8A61-65EF-3914-000000005403}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006847Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:49:04.446{C36AC009-8A60-65EF-3814-000000005403}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006846Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:49:03.681{C36AC009-8A5F-65EF-3714-000000005403}3152C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006845Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:48:06.705{C36AC009-8A26-65EF-3614-000000005403}1040C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006844Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:48:05.950{C36AC009-8A25-65EF-3514-000000005403}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006843Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:48:05.179{C36AC009-8A25-65EF-3414-000000005403}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006842Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:48:04.413{C36AC009-8A24-65EF-3314-000000005403}4588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006841Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:48:03.658{C36AC009-8A23-65EF-3214-000000005403}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006840Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:47:06.662{C36AC009-89EA-65EF-3114-000000005403}2168C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006839Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:47:05.906{C36AC009-89E9-65EF-3014-000000005403}4892C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006838Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:47:05.150{C36AC009-89E9-65EF-2F14-000000005403}1756C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006837Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:47:04.400{C36AC009-89E8-65EF-2E14-000000005403}3784C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006836Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:47:03.644{C36AC009-89E7-65EF-2D14-000000005403}2944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006835Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:46:06.491{C36AC009-89AE-65EF-2C14-000000005403}508C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006834Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:46:05.750{C36AC009-89AD-65EF-2B14-000000005403}1984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006833Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:46:05.000{C36AC009-89AD-65EF-2A14-000000005403}3360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006832Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:46:04.399{C36AC009-89AC-65EF-2914-000000005403}2088C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006831Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:46:03.634{C36AC009-89AB-65EF-2814-000000005403}4100C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006830Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:45:06.539{C36AC009-8972-65EF-2614-000000005403}592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006829Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:45:05.923{C36AC009-8971-65EF-2514-000000005403}4792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006828Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:45:05.166{C36AC009-8971-65EF-2414-000000005403}5084C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006827Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:45:04.401{C36AC009-8970-65EF-2314-000000005403}4900C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006826Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:45:03.629{C36AC009-896F-65EF-2214-000000005403}2272C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006825Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:44:11.534{C36AC009-893B-65EF-2114-000000005403}764C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006824Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:44:11.495{C36AC009-893B-65EF-2014-000000005403}1740C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006823Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:44:11.459{C36AC009-893B-65EF-1F14-000000005403}184C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006822Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:44:11.394{C36AC009-893B-65EF-1D14-000000005403}296C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006821Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:44:06.674{C36AC009-8936-65EF-1C14-000000005403}136C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006820Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:44:05.908{C36AC009-8935-65EF-1B14-000000005403}4200C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006819Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:44:05.158{C36AC009-8935-65EF-1A14-000000005403}4504C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006818Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:44:04.394{C36AC009-8934-65EF-1914-000000005403}856C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006817Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:44:03.628{C36AC009-8933-65EF-1814-000000005403}2520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006816Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:43:06.595{C36AC009-88FA-65EF-1714-000000005403}3748C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006815Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:43:05.837{C36AC009-88F9-65EF-1614-000000005403}3660C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006814Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:43:05.079{C36AC009-88F9-65EF-1514-000000005403}2308C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006813Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:43:04.391{C36AC009-88F8-65EF-1414-000000005403}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006812Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:43:03.633{C36AC009-88F7-65EF-1314-000000005403}2504C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006811Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:42:06.655{C36AC009-88BE-65EF-1214-000000005403}1996C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006810Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:42:05.896{C36AC009-88BD-65EF-1114-000000005403}4208C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006809Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:42:05.146{C36AC009-88BD-65EF-1014-000000005403}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006808Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:42:04.388{C36AC009-88BC-65EF-0F14-000000005403}2264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006807Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:42:03.629{C36AC009-88BB-65EF-0E14-000000005403}1976C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006806Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:41:06.663{C36AC009-8882-65EF-0D14-000000005403}768C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006805Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:41:05.895{C36AC009-8881-65EF-0C14-000000005403}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006804Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:41:05.145{C36AC009-8881-65EF-0B14-000000005403}1984C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006803Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:41:04.379{C36AC009-8880-65EF-0A14-000000005403}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006802Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:41:03.620{C36AC009-887F-65EF-0914-000000005403}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006801Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:40:06.581{C36AC009-8846-65EF-0814-000000005403}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006800Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:40:05.877{C36AC009-8845-65EF-0714-000000005403}1036C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006799Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:40:05.117{C36AC009-8845-65EF-0614-000000005403}2040C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006798Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:40:04.357{C36AC009-8844-65EF-0514-000000005403}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006797Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:40:03.607{C36AC009-8843-65EF-0414-000000005403}4900C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006796Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:39:11.532{C36AC009-880F-65EF-0314-000000005403}5028C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006795Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:39:11.492{C36AC009-880F-65EF-0214-000000005403}400C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006794Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:39:11.456{C36AC009-880F-65EF-0114-000000005403}2804C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006793Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:39:11.391{C36AC009-880F-65EF-FF13-000000005403}2352C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006792Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:39:06.618{C36AC009-880A-65EF-FE13-000000005403}848C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006791Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:39:05.857{C36AC009-8809-65EF-FD13-000000005403}3352C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006790Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:39:05.107{C36AC009-8809-65EF-FC13-000000005403}4600C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006789Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:39:04.362{C36AC009-8808-65EF-FB13-000000005403}892C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006788Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:39:03.601{C36AC009-8807-65EF-FA13-000000005403}4292C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006787Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:38:06.548{C36AC009-87CE-65EF-F913-000000005403}1336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006786Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:38:05.805{C36AC009-87CD-65EF-F813-000000005403}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006785Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:38:05.049{C36AC009-87CD-65EF-F713-000000005403}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006784Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:38:04.345{C36AC009-87CC-65EF-F613-000000005403}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006783Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:38:03.595{C36AC009-87CB-65EF-F513-000000005403}3656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006782Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:37:06.600{C36AC009-8792-65EF-F413-000000005403}1756C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006781Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:37:05.854{C36AC009-8791-65EF-F313-000000005403}4140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006780Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:37:05.100{C36AC009-8791-65EF-F213-000000005403}2080C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006779Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:37:04.338{C36AC009-8790-65EF-F113-000000005403}4556C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006778Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:37:03.583{C36AC009-878F-65EF-F013-000000005403}1796C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006777Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:36:06.439{C36AC009-8756-65EF-EF13-000000005403}2192C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006776Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:36:05.849{C36AC009-8755-65EF-EE13-000000005403}4948C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006775Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:36:05.099{C36AC009-8755-65EF-ED13-000000005403}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006774Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:36:04.337{C36AC009-8754-65EF-EC13-000000005403}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006773Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:36:03.585{C36AC009-8753-65EF-EB13-000000005403}1960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006772Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:35:06.539{C36AC009-871A-65EF-EA13-000000005403}1488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006771Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:35:05.851{C36AC009-8719-65EF-E913-000000005403}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006770Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:35:05.101{C36AC009-8719-65EF-E813-000000005403}3228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006769Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:35:04.341{C36AC009-8718-65EF-E713-000000005403}4372C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006768Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:35:03.576{C36AC009-8717-65EF-E613-000000005403}3060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006767Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:34:11.512{C36AC009-86E3-65EF-E513-000000005403}5032C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006766Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:34:11.474{C36AC009-86E3-65EF-E413-000000005403}368C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006765Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:34:11.437{C36AC009-86E3-65EF-E313-000000005403}4324C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006764Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:34:11.373{C36AC009-86E3-65EF-E113-000000005403}5056C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006763Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:34:06.581{C36AC009-86DE-65EF-E013-000000005403}184C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006762Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:34:05.831{C36AC009-86DD-65EF-DF13-000000005403}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006761Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:34:05.067{C36AC009-86DD-65EF-DE13-000000005403}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006760Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:34:04.319{C36AC009-86DC-65EF-DD13-000000005403}4732C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006759Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:34:03.569{C36AC009-86DB-65EF-DC13-000000005403}3740C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006758Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:33:06.515{C36AC009-86A2-65EF-DB13-000000005403}4872C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006757Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:33:05.813{C36AC009-86A1-65EF-DA13-000000005403}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006756Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:33:05.049{C36AC009-86A1-65EF-D913-000000005403}300C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006755Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:33:04.299{C36AC009-86A0-65EF-D813-000000005403}4992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006754Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:33:03.549{C36AC009-869F-65EF-D713-000000005403}4856C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006753Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:32:06.491{C36AC009-8666-65EF-D613-000000005403}3004C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006752Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:32:05.818{C36AC009-8665-65EF-D513-000000005403}3572C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006751Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:32:05.053{C36AC009-8665-65EF-D413-000000005403}4492C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006750Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:32:04.304{C36AC009-8664-65EF-D313-000000005403}3680C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006749Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:32:03.538{C36AC009-8663-65EF-D213-000000005403}1996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006748Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:31:06.379{C36AC009-862A-65EF-D113-000000005403}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006747Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:31:05.629{C36AC009-8629-65EF-D013-000000005403}2156C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006746Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:31:04.879{C36AC009-8628-65EF-CF13-000000005403}4716C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006745Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:31:04.285{C36AC009-8628-65EF-CE13-000000005403}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006744Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:31:03.520{C36AC009-8627-65EF-CD13-000000005403}856C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006743Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:30:06.464{C36AC009-85EE-65EF-CC13-000000005403}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006742Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:30:05.714{C36AC009-85ED-65EF-CB13-000000005403}2448C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006741Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:30:04.963{C36AC009-85EC-65EF-CA13-000000005403}4228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006740Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:30:04.259{C36AC009-85EC-65EF-C913-000000005403}4728C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006739Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:30:03.509{C36AC009-85EB-65EF-C813-000000005403}4940C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006738Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:29:11.503{C36AC009-85B7-65EF-C713-000000005403}588C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006737Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:29:11.464{C36AC009-85B7-65EF-C613-000000005403}3564C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006736Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:29:11.428{C36AC009-85B7-65EF-C513-000000005403}4848C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006735Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:29:11.363{C36AC009-85B7-65EF-C313-000000005403}3524C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006734Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:29:06.463{C36AC009-85B2-65EF-C213-000000005403}4140C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006733Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:29:05.697{C36AC009-85B1-65EF-C113-000000005403}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006732Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:29:04.947{C36AC009-85B0-65EF-C013-000000005403}5000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006731Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:29:04.258{C36AC009-85B0-65EF-BF13-000000005403}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006730Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:29:03.508{C36AC009-85AF-65EF-BE13-000000005403}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006729Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:28:06.556{C36AC009-8576-65EF-BD13-000000005403}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006728Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:28:05.790{C36AC009-8575-65EF-BC13-000000005403}4552C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006727Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:28:05.023{C36AC009-8575-65EF-BB13-000000005403}3844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006726Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:28:04.257{C36AC009-8574-65EF-BA13-000000005403}4972C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006725Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:28:03.506{C36AC009-8573-65EF-B913-000000005403}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006724Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:27:06.513{C36AC009-853A-65EF-B813-000000005403}5084C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006723Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:27:05.763{C36AC009-8539-65EF-B713-000000005403}720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006722Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:27:05.013{C36AC009-8539-65EF-B613-000000005403}1096C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006721Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:27:04.259{C36AC009-8538-65EF-B513-000000005403}2056C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006720Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:27:03.509{C36AC009-8537-65EF-B413-000000005403}724C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006719Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:26:06.351{C36AC009-84FE-65EF-B313-000000005403}2736C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006718Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:26:05.599{C36AC009-84FD-65EF-B213-000000005403}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006717Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:26:04.846{C36AC009-84FC-65EF-B113-000000005403}3188C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006716Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:26:04.237{C36AC009-84FC-65EF-B013-000000005403}2900C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006715Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:26:03.484{C36AC009-84FB-65EF-AF13-000000005403}3824C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006714Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:25:06.516{C36AC009-84C2-65EF-AE13-000000005403}5008C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006713Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:25:05.750{C36AC009-84C1-65EF-AD13-000000005403}2300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006712Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:25:04.985{C36AC009-84C0-65EF-AC13-000000005403}944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006711Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:25:04.219{C36AC009-84C0-65EF-AB13-000000005403}4640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006710Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:25:03.470{C36AC009-84BF-65EF-AA13-000000005403}1336C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006709Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:24:11.497{C36AC009-848B-65EF-A913-000000005403}1184C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006708Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:24:11.459{C36AC009-848B-65EF-A813-000000005403}2200C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006707Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:24:11.424{C36AC009-848B-65EF-A713-000000005403}4188C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006706Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:24:11.359{C36AC009-848B-65EF-A513-000000005403}2056C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006705Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:24:06.465{C36AC009-8486-65EF-A413-000000005403}92C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006704Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:24:05.715{C36AC009-8485-65EF-A313-000000005403}4216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006703Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:24:04.965{C36AC009-8484-65EF-A213-000000005403}4928C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006702Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:24:04.207{C36AC009-8484-65EF-A113-000000005403}4136C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006701Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:24:03.457{C36AC009-8483-65EF-A013-000000005403}1056C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006700Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:23:06.332{C36AC009-844A-65EF-9F13-000000005403}4824C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006699Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:23:05.562{C36AC009-8449-65EF-9E13-000000005403}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006698Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:23:04.807{C36AC009-8448-65EF-9D13-000000005403}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006697Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:23:04.213{C36AC009-8448-65EF-9C13-000000005403}5012C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006696Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:23:03.458{C36AC009-8447-65EF-9B13-000000005403}1568C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006695Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:22:06.479{C36AC009-840E-65EF-9A13-000000005403}4420C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006694Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:22:05.714{C36AC009-840D-65EF-9913-000000005403}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006693Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:22:04.953{C36AC009-840C-65EF-9813-000000005403}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006692Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:22:04.203{C36AC009-840C-65EF-9713-000000005403}2216C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006691Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:22:03.453{C36AC009-840B-65EF-9613-000000005403}4256C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006690Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:21:06.377{C36AC009-83D2-65EF-9513-000000005403}4292C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006689Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:21:05.715{C36AC009-83D1-65EF-9413-000000005403}1088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006688Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:21:04.960{C36AC009-83D0-65EF-9313-000000005403}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006687Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:21:04.194{C36AC009-83D0-65EF-9213-000000005403}3960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006686Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:21:03.439{C36AC009-83CF-65EF-9113-000000005403}5064C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006685Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:20:06.275{C36AC009-8396-65EF-9013-000000005403}4180C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006684Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:20:05.681{C36AC009-8395-65EF-8F13-000000005403}4984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006683Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:20:04.931{C36AC009-8394-65EF-8E13-000000005403}3048C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006682Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:20:04.175{C36AC009-8394-65EF-8D13-000000005403}2300C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006681Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:20:03.418{C36AC009-8393-65EF-8C13-000000005403}1476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006680Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:19:11.489{C36AC009-835F-65EF-8B13-000000005403}1140C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006679Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:19:11.451{C36AC009-835F-65EF-8A13-000000005403}1500C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006678Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:19:11.415{C36AC009-835F-65EF-8913-000000005403}720C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006677Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:19:11.351{C36AC009-835F-65EF-8713-000000005403}3320C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006676Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:19:06.451{C36AC009-835A-65EF-8613-000000005403}2088C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006675Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:19:05.701{C36AC009-8359-65EF-8513-000000005403}4568C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006674Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:19:04.935{C36AC009-8358-65EF-8413-000000005403}4772C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006673Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:19:04.172{C36AC009-8358-65EF-8313-000000005403}2464C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006672Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:19:03.422{C36AC009-8357-65EF-8213-000000005403}4216C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006671Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:18:06.430{C36AC009-831E-65EF-8113-000000005403}856C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006670Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:18:05.657{C36AC009-831D-65EF-8013-000000005403}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006669Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:18:04.892{C36AC009-831C-65EF-7F13-000000005403}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006668Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:18:04.181{C36AC009-831C-65EF-7E13-000000005403}4552C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006667Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:18:03.408{C36AC009-831B-65EF-7D13-000000005403}4736C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006666Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:17:06.446{C36AC009-82E2-65EF-7C13-000000005403}4792C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006665Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:17:05.696{C36AC009-82E1-65EF-7B13-000000005403}1140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006664Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:17:04.938{C36AC009-82E0-65EF-7A13-000000005403}1184C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006663Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:17:04.180{C36AC009-82E0-65EF-7913-000000005403}5108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006662Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:17:03.414{C36AC009-82DF-65EF-7813-000000005403}1096C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006661Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:16:06.437{C36AC009-82A6-65EF-7713-000000005403}2944C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006660Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:16:05.671{C36AC009-82A5-65EF-7613-000000005403}1976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006659Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:16:04.919{C36AC009-82A4-65EF-7513-000000005403}5032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006658Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:16:04.169{C36AC009-82A4-65EF-7413-000000005403}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006657Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:16:03.410{C36AC009-82A3-65EF-7313-000000005403}1876C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006656Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:15:06.345{C36AC009-826A-65EF-7213-000000005403}4640C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006655Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:15:05.580{C36AC009-8269-65EF-7113-000000005403}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006654Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:15:04.815{C36AC009-8268-65EF-7013-000000005403}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006653Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:15:04.170{C36AC009-8268-65EF-6F13-000000005403}2448C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006652Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:15:03.404{C36AC009-8267-65EF-6E13-000000005403}5096C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006651Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:14:11.472{C36AC009-8233-65EF-6D13-000000005403}724C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006650Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:14:11.434{C36AC009-8233-65EF-6C13-000000005403}4568C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006649Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:14:11.398{C36AC009-8233-65EF-6B13-000000005403}348C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006648Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:14:11.333{C36AC009-8233-65EF-6913-000000005403}3004C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006647Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:14:06.420{C36AC009-822E-65EF-6813-000000005403}4384C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006646Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:14:05.676{C36AC009-822D-65EF-6713-000000005403}3680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006645Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:14:04.916{C36AC009-822C-65EF-6613-000000005403}1400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006644Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:14:04.150{C36AC009-822C-65EF-6513-000000005403}2152C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006643Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:14:03.390{C36AC009-822B-65EF-6413-000000005403}5064C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006642Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:13:06.245{C36AC009-81F2-65EF-6313-000000005403}3056C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006641Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:13:05.641{C36AC009-81F1-65EF-6213-000000005403}216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006640Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:13:04.881{C36AC009-81F0-65EF-6113-000000005403}4404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006639Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:13:04.131{C36AC009-81F0-65EF-6013-000000005403}484C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006638Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:13:03.370{C36AC009-81EF-65EF-5F13-000000005403}4640C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006637Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:12:06.376{C36AC009-81B6-65EF-5E13-000000005403}3956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006636Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:12:05.611{C36AC009-81B5-65EF-5D13-000000005403}4188C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006635Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:12:04.850{C36AC009-81B4-65EF-5C13-000000005403}3520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006634Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:12:04.120{C36AC009-81B4-65EF-5B13-000000005403}2188C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006633Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:12:03.354{C36AC009-81B3-65EF-5A13-000000005403}4808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006632Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:11:06.232{C36AC009-817A-65EF-5913-000000005403}4692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006631Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:11:05.471{C36AC009-8179-65EF-5813-000000005403}1796C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006630Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:11:04.709{C36AC009-8178-65EF-5713-000000005403}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006629Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:11:04.100{C36AC009-8178-65EF-5613-000000005403}4508C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006628Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:11:03.338{C36AC009-8177-65EF-5513-000000005403}4652C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006627Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:10:06.347{C36AC009-813E-65EF-5413-000000005403}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006626Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:10:05.585{C36AC009-813D-65EF-5313-000000005403}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006625Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:10:04.822{C36AC009-813C-65EF-5213-000000005403}2420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006624Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:10:04.072{C36AC009-813C-65EF-5113-000000005403}3396C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006623Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:10:03.322{C36AC009-813B-65EF-5013-000000005403}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006622Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:09:11.466{C36AC009-8107-65EF-4F13-000000005403}3320C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006621Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:09:11.427{C36AC009-8107-65EF-4E13-000000005403}3004C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006620Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:09:11.391{C36AC009-8107-65EF-4D13-000000005403}212C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006619Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:09:11.327{C36AC009-8107-65EF-4B13-000000005403}2168C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006618Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:09:06.136{C36AC009-8102-65EF-4A13-000000005403}4360C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006617Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:09:05.511{C36AC009-8101-65EF-4913-000000005403}3088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006616Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:09:04.826{C36AC009-8100-65EF-4813-000000005403}4920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006615Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:09:04.078{C36AC009-8100-65EF-4713-000000005403}1600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006614Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:09:03.313{C36AC009-80FF-65EF-4613-000000005403}4284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006610Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:08:06.329{C36AC009-80C6-65EF-4513-000000005403}944C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006609Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:08:05.579{C36AC009-80C5-65EF-4413-000000005403}3372C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006608Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:08:04.831{C36AC009-80C4-65EF-4313-000000005403}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006607Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:08:04.067{C36AC009-80C4-65EF-4213-000000005403}3624C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006606Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:08:03.302{C36AC009-80C3-65EF-4113-000000005403}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006605Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:07:06.297{C36AC009-808A-65EF-4013-000000005403}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006604Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:07:05.532{C36AC009-8089-65EF-3F13-000000005403}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006603Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:07:04.768{C36AC009-8088-65EF-3E13-000000005403}2236C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006602Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:07:04.050{C36AC009-8088-65EF-3D13-000000005403}3572C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006601Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:07:03.301{C36AC009-8087-65EF-3C13-000000005403}504C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006600Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:06:06.293{C36AC009-804E-65EF-3B13-000000005403}5056C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006599Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:06:05.528{C36AC009-804D-65EF-3A13-000000005403}4660C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006598Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:06:04.762{C36AC009-804C-65EF-3913-000000005403}1596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006597Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:06:04.043{C36AC009-804C-65EF-3813-000000005403}4424C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006596Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:06:03.293{C36AC009-804B-65EF-3713-000000005403}4460C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006595Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:05:06.318{C36AC009-8012-65EF-3613-000000005403}1956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006594Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:05:05.552{C36AC009-8011-65EF-3513-000000005403}4444C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006593Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:05:04.803{C36AC009-8010-65EF-3413-000000005403}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006592Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:05:04.053{C36AC009-8010-65EF-3313-000000005403}4756C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006591Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:05:03.288{C36AC009-800F-65EF-3213-000000005403}4176C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006590Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:04:11.460{C36AC009-7FDB-65EF-3113-000000005403}3628C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006589Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:04:11.421{C36AC009-7FDB-65EF-3013-000000005403}4396C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006588Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:04:11.385{C36AC009-7FDB-65EF-2F13-000000005403}4208C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006587Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:04:11.319{C36AC009-7FDB-65EF-2D13-000000005403}3564C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006586Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:04:06.199{C36AC009-7FD6-65EF-2C13-000000005403}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006585Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:04:05.542{C36AC009-7FD5-65EF-2B13-000000005403}3452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006584Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:04:04.792{C36AC009-7FD4-65EF-2A13-000000005403}5064C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006583Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:04:04.042{C36AC009-7FD4-65EF-2913-000000005403}2080C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006582Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:04:03.276{C36AC009-7FD3-65EF-2813-000000005403}4556C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006581Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:03:06.190{C36AC009-7F9A-65EF-2713-000000005403}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006580Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:03:05.439{C36AC009-7F99-65EF-2613-000000005403}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006579Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:03:04.688{C36AC009-7F98-65EF-2513-000000005403}4512C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006578Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:03:04.047{C36AC009-7F98-65EF-2413-000000005403}3656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006577Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:03:03.281{C36AC009-7F97-65EF-2313-000000005403}1180C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006576Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:02:06.251{C36AC009-7F5E-65EF-2213-000000005403}4912C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006575Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:02:05.501{C36AC009-7F5D-65EF-2113-000000005403}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006574Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:02:04.782{C36AC009-7F5C-65EF-2013-000000005403}3608C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006573Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:02:04.016{C36AC009-7F5C-65EF-1F13-000000005403}1412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006572Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:02:03.264{C36AC009-7F5B-65EF-1E13-000000005403}4916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006571Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:01:06.266{C36AC009-7F22-65EF-1D13-000000005403}4828C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006570Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:01:05.500{C36AC009-7F21-65EF-1C13-000000005403}5088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006569Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:01:04.746{C36AC009-7F20-65EF-1B13-000000005403}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006568Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:01:03.994{C36AC009-7F1F-65EF-1A13-000000005403}4388C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006567Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:01:03.244{C36AC009-7F1F-65EF-1913-000000005403}2988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006566Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:00:06.089{C36AC009-7EE6-65EF-1813-000000005403}296C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006565Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:00:05.495{C36AC009-7EE5-65EF-1713-000000005403}1540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006564Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:00:04.745{C36AC009-7EE4-65EF-1613-000000005403}1956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006563Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:00:03.986{C36AC009-7EE3-65EF-1513-000000005403}3684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006562Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 22:00:03.236{C36AC009-7EE3-65EF-1413-000000005403}2732C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006561Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:59:11.447{C36AC009-7EAF-65EF-1313-000000005403}3004C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006560Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:59:11.408{C36AC009-7EAF-65EF-1213-000000005403}5008C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006559Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:59:11.371{C36AC009-7EAF-65EF-1113-000000005403}4928C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006558Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:59:11.306{C36AC009-7EAF-65EF-0F13-000000005403}4356C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006557Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:59:06.250{C36AC009-7EAA-65EF-0E13-000000005403}2344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006556Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:59:05.496{C36AC009-7EA9-65EF-0D13-000000005403}4824C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006555Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:59:04.730{C36AC009-7EA8-65EF-0C13-000000005403}2328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006554Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:59:03.989{C36AC009-7EA7-65EF-0B13-000000005403}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006553Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:59:03.235{C36AC009-7EA7-65EF-0A13-000000005403}3452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006552Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:58:06.085{C36AC009-7E6E-65EF-0913-000000005403}3420C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006551Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:58:05.331{C36AC009-7E6D-65EF-0813-000000005403}944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006550Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:58:04.581{C36AC009-7E6C-65EF-0713-000000005403}1000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006549Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:58:03.968{C36AC009-7E6B-65EF-0613-000000005403}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006548Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:58:03.214{C36AC009-7E6B-65EF-0513-000000005403}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006547Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:57:06.242{C36AC009-7E32-65EF-0413-000000005403}2176C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006546Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:57:05.476{C36AC009-7E31-65EF-0313-000000005403}3408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006545Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:57:04.719{C36AC009-7E30-65EF-0213-000000005403}3416C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006544Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:57:03.965{C36AC009-7E2F-65EF-0113-000000005403}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006543Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:57:03.223{C36AC009-7E2F-65EF-0013-000000005403}2464C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006542Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:56:06.269{C36AC009-7DF6-65EF-FF12-000000005403}4712C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006541Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:56:05.499{C36AC009-7DF5-65EF-FE12-000000005403}400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006540Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:56:04.727{C36AC009-7DF4-65EF-FD12-000000005403}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006539Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:56:03.970{C36AC009-7DF3-65EF-FC12-000000005403}2104C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006538Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:56:03.208{C36AC009-7DF3-65EF-FB12-000000005403}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006537Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:55:06.225{C36AC009-7DBA-65EF-FA12-000000005403}4868C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006536Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:55:05.460{C36AC009-7DB9-65EF-F912-000000005403}1476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006535Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:55:04.701{C36AC009-7DB8-65EF-F812-000000005403}2216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006534Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:55:03.951{C36AC009-7DB7-65EF-F712-000000005403}3396C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006533Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:55:03.195{C36AC009-7DB7-65EF-F612-000000005403}1120C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006532Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:54:11.435{C36AC009-7D83-65EF-F512-000000005403}688C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006531Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:54:11.396{C36AC009-7D83-65EF-F412-000000005403}588C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006530Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:54:11.360{C36AC009-7D83-65EF-F312-000000005403}4984C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006529Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:54:11.295{C36AC009-7D83-65EF-F112-000000005403}3628C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006528Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:54:06.041{C36AC009-7D7E-65EF-F012-000000005403}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006527Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:54:05.285{C36AC009-7D7D-65EF-EF12-000000005403}2896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006526Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:54:04.529{C36AC009-7D7C-65EF-EE12-000000005403}3100C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006525Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:54:03.935{C36AC009-7D7B-65EF-ED12-000000005403}2344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006524Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:54:03.179{C36AC009-7D7B-65EF-EC12-000000005403}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006523Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:53:06.196{C36AC009-7D42-65EF-EB12-000000005403}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006522Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:53:05.439{C36AC009-7D41-65EF-EA12-000000005403}4584C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006521Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:53:04.689{C36AC009-7D40-65EF-E912-000000005403}1992C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006520Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:53:03.931{C36AC009-7D3F-65EF-E812-000000005403}4780C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006519Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:53:03.174{C36AC009-7D3F-65EF-E712-000000005403}944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006518Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:52:06.104{C36AC009-7D06-65EF-E612-000000005403}3956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006517Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:52:05.354{C36AC009-7D05-65EF-E512-000000005403}3608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006516Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:52:04.596{C36AC009-7D04-65EF-E412-000000005403}2012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006515Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:52:03.916{C36AC009-7D03-65EF-E312-000000005403}3040C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006514Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:52:03.166{C36AC009-7D03-65EF-E212-000000005403}4772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006513Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:51:06.115{C36AC009-7CCA-65EF-E112-000000005403}2344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006512Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:51:05.365{C36AC009-7CC9-65EF-E012-000000005403}2808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006511Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:51:04.607{C36AC009-7CC8-65EF-DF12-000000005403}1400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006510Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:51:03.911{C36AC009-7CC7-65EF-DE12-000000005403}1984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006509Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:51:03.145{C36AC009-7CC7-65EF-DD12-000000005403}3876C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006508Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:50:05.937{C36AC009-7C8D-65EF-DC12-000000005403}3372C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006507Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:50:05.312{C36AC009-7C8D-65EF-DB12-000000005403}364C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006506Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:50:04.663{C36AC009-7C8C-65EF-DA12-000000005403}4260C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006505Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:50:03.904{C36AC009-7C8B-65EF-D912-000000005403}1460C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006504Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:50:03.139{C36AC009-7C8B-65EF-D812-000000005403}3044C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006503Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:49:11.420{C36AC009-7C57-65EF-D712-000000005403}2956C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006502Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:49:11.381{C36AC009-7C57-65EF-D612-000000005403}3036C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006501Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:49:11.344{C36AC009-7C57-65EF-D512-000000005403}2176C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006500Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:49:11.279{C36AC009-7C57-65EF-D312-000000005403}1380C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006499Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:49:06.164{C36AC009-7C52-65EF-D212-000000005403}2236C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006498Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:49:05.410{C36AC009-7C51-65EF-D112-000000005403}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006497Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:49:04.660{C36AC009-7C50-65EF-D012-000000005403}5008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006496Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:49:03.893{C36AC009-7C4F-65EF-CF12-000000005403}380C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006495Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:49:03.142{C36AC009-7C4F-65EF-CE12-000000005403}4020C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006494Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:48:06.038{C36AC009-7C16-65EF-CD12-000000005403}400C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006493Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:48:05.293{C36AC009-7C15-65EF-CC12-000000005403}1404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006492Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:48:04.538{C36AC009-7C14-65EF-CB12-000000005403}4828C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006491Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:48:03.897{C36AC009-7C13-65EF-CA12-000000005403}2912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006490Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:48:03.134{C36AC009-7C13-65EF-C912-000000005403}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006489Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:47:06.061{C36AC009-7BDA-65EF-C812-000000005403}2044C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006488Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:47:05.284{C36AC009-7BD9-65EF-C712-000000005403}1184C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006487Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:47:04.526{C36AC009-7BD8-65EF-C612-000000005403}4532C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006486Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:47:03.890{C36AC009-7BD7-65EF-C512-000000005403}4060C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006485Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:47:03.129{C36AC009-7BD7-65EF-C412-000000005403}4472C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006484Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:46:06.175{C36AC009-7B9E-65EF-C312-000000005403}1016C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006483Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:46:05.413{C36AC009-7B9D-65EF-C212-000000005403}4928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006482Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:46:04.654{C36AC009-7B9C-65EF-C112-000000005403}5036C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006481Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:46:03.893{C36AC009-7B9B-65EF-C012-000000005403}3600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006480Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:46:03.131{C36AC009-7B9B-65EF-BF12-000000005403}4216C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006479Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:45:06.179{C36AC009-7B62-65EF-BE12-000000005403}1008C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006478Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:45:05.427{C36AC009-7B61-65EF-BD12-000000005403}136C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006477Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:45:04.666{C36AC009-7B60-65EF-BC12-000000005403}2492C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006476Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:45:03.904{C36AC009-7B5F-65EF-BB12-000000005403}4324C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006475Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:45:03.138{C36AC009-7B5F-65EF-BA12-000000005403}3352C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006474Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:44:11.421{C36AC009-7B2B-65EF-B912-000000005403}1184C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006473Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:44:11.381{C36AC009-7B2B-65EF-B812-000000005403}4792C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006472Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:44:11.343{C36AC009-7B2B-65EF-B712-000000005403}4312C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006471Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:44:11.270{C36AC009-7B2B-65EF-B512-000000005403}2336C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006470Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:44:06.120{C36AC009-7B26-65EF-B412-000000005403}3956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006469Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:44:05.370{C36AC009-7B25-65EF-B312-000000005403}4752C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006468Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:44:04.620{C36AC009-7B24-65EF-B212-000000005403}2188C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006467Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:44:03.864{C36AC009-7B23-65EF-B112-000000005403}1964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006466Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:44:03.114{C36AC009-7B23-65EF-B012-000000005403}5056C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006465Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:43:06.100{C36AC009-7AEA-65EF-AF12-000000005403}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006464Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:43:05.336{C36AC009-7AE9-65EF-AE12-000000005403}5092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006463Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:43:04.587{C36AC009-7AE8-65EF-AD12-000000005403}4652C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006462Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:43:03.884{C36AC009-7AE7-65EF-AC12-000000005403}2820C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006461Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:43:03.121{C36AC009-7AE7-65EF-AB12-000000005403}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006460Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:42:06.167{C36AC009-7AAE-65EF-AA12-000000005403}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006459Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:42:05.404{C36AC009-7AAD-65EF-A912-000000005403}2076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006458Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:42:04.638{C36AC009-7AAC-65EF-A812-000000005403}3684C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006457Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:42:03.875{C36AC009-7AAB-65EF-A712-000000005403}4792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006456Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:42:03.124{C36AC009-7AAB-65EF-A612-000000005403}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006455Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:41:06.038{C36AC009-7A72-65EF-A512-000000005403}3700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006454Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:41:05.381{C36AC009-7A71-65EF-A412-000000005403}4916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006453Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:41:04.617{C36AC009-7A70-65EF-A312-000000005403}1172C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006452Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:41:03.869{C36AC009-7A6F-65EF-A212-000000005403}3628C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006451Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:41:03.115{C36AC009-7A6F-65EF-A112-000000005403}4440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006450Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:40:06.057{C36AC009-7A36-65EF-A012-000000005403}3696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006449Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:40:05.400{C36AC009-7A35-65EF-9F12-000000005403}696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006448Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:40:04.636{C36AC009-7A34-65EF-9E12-000000005403}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006447Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:40:03.886{C36AC009-7A33-65EF-9D12-000000005403}4392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006446Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:40:03.121{C36AC009-7A33-65EF-9C12-000000005403}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006445Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:39:11.407{C36AC009-79FF-65EF-9B12-000000005403}2828C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006444Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:39:11.367{C36AC009-79FF-65EF-9A12-000000005403}2012C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006443Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:39:11.332{C36AC009-79FF-65EF-9912-000000005403}3520C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006442Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:39:11.267{C36AC009-79FF-65EF-9712-000000005403}2056C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006441Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:39:06.069{C36AC009-79FA-65EF-9612-000000005403}4808C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006440Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:39:05.320{C36AC009-79F9-65EF-9512-000000005403}1380C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006439Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:39:04.632{C36AC009-79F8-65EF-9412-000000005403}4212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006438Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:39:03.882{C36AC009-79F7-65EF-9312-000000005403}1116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006437Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:39:03.122{C36AC009-79F7-65EF-9212-000000005403}1820C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006436Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:38:06.120{C36AC009-79BE-65EF-9112-000000005403}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006435Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:38:05.369{C36AC009-79BD-65EF-9012-000000005403}4736C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006434Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:38:04.619{C36AC009-79BC-65EF-8F12-000000005403}4584C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006433Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:38:03.869{C36AC009-79BB-65EF-8E12-000000005403}1724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006432Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:38:03.118{C36AC009-79BB-65EF-8D12-000000005403}3696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006431Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:37:06.117{C36AC009-7982-65EF-8C12-000000005403}1500C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006430Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:37:05.367{C36AC009-7981-65EF-8B12-000000005403}2012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006429Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:37:04.616{C36AC009-7980-65EF-8A12-000000005403}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006428Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:37:03.865{C36AC009-797F-65EF-8912-000000005403}2984C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006427Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:37:03.114{C36AC009-797F-65EF-8812-000000005403}3260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006426Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:36:05.989{C36AC009-7945-65EF-8712-000000005403}2944C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006425Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:36:05.224{C36AC009-7945-65EF-8612-000000005403}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006424Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:36:04.472{C36AC009-7944-65EF-8512-000000005403}436C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006423Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:36:03.861{C36AC009-7943-65EF-8412-000000005403}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006422Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:36:03.095{C36AC009-7943-65EF-8312-000000005403}1008C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006421Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:35:06.006{C36AC009-790A-65EF-8212-000000005403}4504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006420Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:35:05.240{C36AC009-7909-65EF-8112-000000005403}2812C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006419Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:35:04.488{C36AC009-7908-65EF-8012-000000005403}2816C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006418Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:35:03.829{C36AC009-7907-65EF-7F12-000000005403}1732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006417Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:35:03.079{C36AC009-7907-65EF-7E12-000000005403}768C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006416Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:34:11.386{C36AC009-78D3-65EF-7D12-000000005403}4912C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006415Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:34:11.348{C36AC009-78D3-65EF-7C12-000000005403}5004C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006414Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:34:11.312{C36AC009-78D3-65EF-7B12-000000005403}1300C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006413Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:34:11.247{C36AC009-78D3-65EF-7912-000000005403}3320C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006412Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:34:06.028{C36AC009-78CE-65EF-7812-000000005403}4292C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006411Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:34:05.264{C36AC009-78CD-65EF-7712-000000005403}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006410Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:34:04.498{C36AC009-78CC-65EF-7612-000000005403}1004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006409Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:34:03.839{C36AC009-78CB-65EF-7512-000000005403}5036C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006408Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:34:03.087{C36AC009-78CB-65EF-7412-000000005403}4184C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006407Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:33:06.042{C36AC009-7892-65EF-7312-000000005403}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006406Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:33:05.335{C36AC009-7891-65EF-7212-000000005403}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006405Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:33:04.582{C36AC009-7890-65EF-7112-000000005403}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006404Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:33:03.832{C36AC009-788F-65EF-7012-000000005403}4676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006403Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:33:03.079{C36AC009-788F-65EF-6F12-000000005403}5108C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006402Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:32:06.086{C36AC009-7856-65EF-6E12-000000005403}876C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006401Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:32:05.332{C36AC009-7855-65EF-6D12-000000005403}5092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006400Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:32:04.582{C36AC009-7854-65EF-6C12-000000005403}2056C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006399Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:32:03.828{C36AC009-7853-65EF-6B12-000000005403}1120C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006398Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:32:03.074{C36AC009-7853-65EF-6A12-000000005403}4836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006396Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:31:06.069{C36AC009-781A-65EF-6912-000000005403}4692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006395Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:31:05.310{C36AC009-7819-65EF-6812-000000005403}848C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006394Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:31:04.544{C36AC009-7818-65EF-6712-000000005403}3404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006393Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:31:03.825{C36AC009-7817-65EF-6612-000000005403}508C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006392Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:31:03.066{C36AC009-7817-65EF-6512-000000005403}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006391Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:30:06.039{C36AC009-77DE-65EF-6212-000000005403}4920C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006390Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:30:05.273{C36AC009-77DD-65EF-6112-000000005403}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006389Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:30:04.513{C36AC009-77DC-65EF-6012-000000005403}2940C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006388Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:30:03.809{C36AC009-77DB-65EF-5F12-000000005403}2388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006387Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:30:03.044{C36AC009-77DB-65EF-5E12-000000005403}3656C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006386Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:29:11.378{C36AC009-77A7-65EF-5D12-000000005403}1820C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006385Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:29:11.340{C36AC009-77A7-65EF-5C12-000000005403}4460C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006384Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:29:11.304{C36AC009-77A7-65EF-5B12-000000005403}4800C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006383Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:29:11.240{C36AC009-77A7-65EF-5912-000000005403}4476C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006382Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:29:05.870{C36AC009-77A1-65EF-5812-000000005403}4440C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006381Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:29:05.120{C36AC009-77A1-65EF-5712-000000005403}5040C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006380Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:29:04.380{C36AC009-77A0-65EF-5612-000000005403}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006379Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:29:03.781{C36AC009-779F-65EF-5512-000000005403}1796C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006378Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:29:03.030{C36AC009-779F-65EF-5412-000000005403}1604C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006377Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:28:06.033{C36AC009-7766-65EF-5312-000000005403}296C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006376Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:28:05.283{C36AC009-7765-65EF-5212-000000005403}4940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006375Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:28:04.533{C36AC009-7764-65EF-5112-000000005403}3396C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006374Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:28:03.786{C36AC009-7763-65EF-5012-000000005403}4640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006373Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:28:03.020{C36AC009-7763-65EF-4F12-000000005403}3824C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006372Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:27:05.928{C36AC009-7729-65EF-4E12-000000005403}2236C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006371Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:27:05.162{C36AC009-7729-65EF-4D12-000000005403}3004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006370Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:27:04.397{C36AC009-7728-65EF-4C12-000000005403}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006369Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:27:03.758{C36AC009-7727-65EF-4B12-000000005403}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006368Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:27:03.007{C36AC009-7727-65EF-4A12-000000005403}2424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006367Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:26:05.864{C36AC009-76ED-65EF-4912-000000005403}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006366Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:26:05.247{C36AC009-76ED-65EF-4812-000000005403}2152C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006365Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:26:04.490{C36AC009-76EC-65EF-4712-000000005403}4632C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006364Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:26:03.739{C36AC009-76EB-65EF-4612-000000005403}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006363Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:26:02.982{C36AC009-76EA-65EF-4512-000000005403}216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006362Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:25:06.012{C36AC009-76B2-65EF-4412-000000005403}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006361Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:25:05.246{C36AC009-76B1-65EF-4312-000000005403}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006360Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:25:04.488{C36AC009-76B0-65EF-4212-000000005403}372C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006359Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:25:03.730{C36AC009-76AF-65EF-4112-000000005403}4752C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006358Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:25:02.964{C36AC009-76AE-65EF-4012-000000005403}2088C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006357Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:24:11.365{C36AC009-767B-65EF-3F12-000000005403}1184C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006356Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:24:11.325{C36AC009-767B-65EF-3E12-000000005403}3044C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006355Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:24:11.288{C36AC009-767B-65EF-3D12-000000005403}1504C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006354Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:24:11.224{C36AC009-767B-65EF-3B12-000000005403}4476C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006353Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:24:05.862{C36AC009-7675-65EF-3A12-000000005403}4184C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006352Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:24:05.221{C36AC009-7675-65EF-3912-000000005403}2352C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006351Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:24:04.448{C36AC009-7674-65EF-3812-000000005403}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006350Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:24:03.705{C36AC009-7673-65EF-3712-000000005403}1404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006349Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:24:02.954{C36AC009-7672-65EF-3612-000000005403}1376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006348Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:23:05.960{C36AC009-7639-65EF-3512-000000005403}2980C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006347Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:23:05.185{C36AC009-7639-65EF-3412-000000005403}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006346Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:23:04.426{C36AC009-7638-65EF-3312-000000005403}356C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006345Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:23:03.691{C36AC009-7637-65EF-3212-000000005403}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006344Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:23:02.941{C36AC009-7636-65EF-3112-000000005403}4724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006343Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:22:05.852{C36AC009-75FD-65EF-3012-000000005403}2300C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006342Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:22:05.180{C36AC009-75FD-65EF-2F12-000000005403}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006341Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:22:04.430{C36AC009-75FC-65EF-2E12-000000005403}3700C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006340Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:22:03.685{C36AC009-75FB-65EF-2D12-000000005403}3120C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006339Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:22:02.935{C36AC009-75FA-65EF-2C12-000000005403}380C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006338Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:21:05.933{C36AC009-75C1-65EF-2B12-000000005403}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006337Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:21:05.183{C36AC009-75C1-65EF-2A12-000000005403}4688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006336Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:21:04.431{C36AC009-75C0-65EF-2912-000000005403}5116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006335Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:21:03.665{C36AC009-75BF-65EF-2812-000000005403}2152C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006334Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:21:02.921{C36AC009-75BE-65EF-2712-000000005403}3820C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006333Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:20:05.812{C36AC009-7585-65EF-2612-000000005403}4124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006332Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:20:05.191{C36AC009-7585-65EF-2512-000000005403}840C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006331Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:20:04.441{C36AC009-7584-65EF-2412-000000005403}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006330Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:20:03.679{C36AC009-7583-65EF-2312-000000005403}1952C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006329Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:20:02.918{C36AC009-7582-65EF-2212-000000005403}3868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006328Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:19:11.359{C36AC009-754F-65EF-2112-000000005403}2184C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006327Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:19:11.319{C36AC009-754F-65EF-2012-000000005403}4536C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006326Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:19:11.283{C36AC009-754F-65EF-1F12-000000005403}504C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006325Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:19:11.218{C36AC009-754F-65EF-1D12-000000005403}996C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006324Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:19:05.831{C36AC009-7549-65EF-1C12-000000005403}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006323Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:19:05.069{C36AC009-7549-65EF-1B12-000000005403}4168C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006322Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:19:04.319{C36AC009-7548-65EF-1A12-000000005403}5036C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006321Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:19:03.682{C36AC009-7547-65EF-1912-000000005403}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006320Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:19:02.919{C36AC009-7546-65EF-1812-000000005403}436C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006319Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:18:05.947{C36AC009-750D-65EF-1712-000000005403}4996C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006318Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:18:05.185{C36AC009-750D-65EF-1612-000000005403}4484C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006317Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:18:04.422{C36AC009-750C-65EF-1512-000000005403}1036C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006316Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:18:03.672{C36AC009-750B-65EF-1412-000000005403}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006315Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:18:02.913{C36AC009-750A-65EF-1312-000000005403}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006314Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:17:05.896{C36AC009-74D1-65EF-1212-000000005403}4740C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006313Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:17:05.139{C36AC009-74D1-65EF-1112-000000005403}2888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006312Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:17:04.373{C36AC009-74D0-65EF-1012-000000005403}1360C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006311Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:17:03.660{C36AC009-74CF-65EF-0F12-000000005403}4588C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006310Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:17:02.910{C36AC009-74CE-65EF-0E12-000000005403}1876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006309Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:16:05.935{C36AC009-7495-65EF-0D12-000000005403}1604C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006308Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:16:05.162{C36AC009-7495-65EF-0C12-000000005403}4280C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006307Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:16:04.402{C36AC009-7494-65EF-0B12-000000005403}508C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006306Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:16:03.657{C36AC009-7493-65EF-0A12-000000005403}2492C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006305Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:16:02.880{C36AC009-7492-65EF-0912-000000005403}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006304Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:15:05.794{C36AC009-7459-65EF-0812-000000005403}4568C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006303Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:15:05.139{C36AC009-7459-65EF-0712-000000005403}4372C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006302Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:15:04.375{C36AC009-7458-65EF-0612-000000005403}944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006301Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:15:03.627{C36AC009-7457-65EF-0512-000000005403}1960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006300Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:15:02.869{C36AC009-7456-65EF-0412-000000005403}4108C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006299Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:14:11.356{C36AC009-7423-65EF-0312-000000005403}3120C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006298Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:14:11.314{C36AC009-7423-65EF-0212-000000005403}304C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006297Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:14:11.279{C36AC009-7423-65EF-0112-000000005403}2668C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006296Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:14:11.214{C36AC009-7423-65EF-FF11-000000005403}1348C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006295Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:14:05.730{C36AC009-741D-65EF-FE11-000000005403}1504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006294Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:14:05.136{C36AC009-741D-65EF-FD11-000000005403}764C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006293Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:14:04.371{C36AC009-741C-65EF-FC11-000000005403}4856C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006292Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:14:03.606{C36AC009-741B-65EF-FB11-000000005403}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006291Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:14:02.856{C36AC009-741A-65EF-FA11-000000005403}4196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006290Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:13:05.825{C36AC009-73E1-65EF-F911-000000005403}1000C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006289Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:13:05.106{C36AC009-73E1-65EF-F811-000000005403}4544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006288Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:13:04.357{C36AC009-73E0-65EF-F711-000000005403}3088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006287Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:13:03.606{C36AC009-73DF-65EF-F611-000000005403}5108C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006286Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:13:02.856{C36AC009-73DE-65EF-F511-000000005403}1036C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006285Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:12:05.753{C36AC009-73A5-65EF-F411-000000005403}4992C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006284Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:12:05.111{C36AC009-73A5-65EF-F311-000000005403}4808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006283Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:12:04.345{C36AC009-73A4-65EF-F211-000000005403}604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006282Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:12:03.594{C36AC009-73A3-65EF-F111-000000005403}2236C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006281Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:12:02.844{C36AC009-73A2-65EF-F011-000000005403}2888C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006280Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:11:05.773{C36AC009-7369-65EF-EF11-000000005403}4440C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006279Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:11:05.021{C36AC009-7369-65EF-EE11-000000005403}4872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006278Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:11:04.256{C36AC009-7368-65EF-ED11-000000005403}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006277Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:11:03.599{C36AC009-7367-65EF-EC11-000000005403}4220C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006276Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:11:02.847{C36AC009-7366-65EF-EB11-000000005403}1376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006275Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:10:05.801{C36AC009-732D-65EF-EA11-000000005403}4940C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006274Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:10:05.049{C36AC009-732D-65EF-E911-000000005403}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006273Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:10:04.298{C36AC009-732C-65EF-E811-000000005403}3492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006272Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:10:03.595{C36AC009-732B-65EF-E711-000000005403}4472C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006271Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:10:02.843{C36AC009-732A-65EF-E611-000000005403}4820C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006270Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:09:11.355{C36AC009-72F7-65EF-E511-000000005403}4740C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006269Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:09:11.314{C36AC009-72F7-65EF-E411-000000005403}3580C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006268Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:09:11.277{C36AC009-72F7-65EF-E311-000000005403}4704C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006267Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:09:11.213{C36AC009-72F7-65EF-E111-000000005403}4916C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006266Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:09:05.772{C36AC009-72F1-65EF-E011-000000005403}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006265Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:09:05.022{C36AC009-72F1-65EF-DF11-000000005403}4900C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006264Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:09:04.270{C36AC009-72F0-65EF-DE11-000000005403}4512C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006263Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:09:03.580{C36AC009-72EF-65EF-DD11-000000005403}5072C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006262Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:09:02.830{C36AC009-72EE-65EF-DC11-000000005403}4332C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006261Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:08:05.812{C36AC009-72B5-65EF-DB11-000000005403}3540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006260Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:08:05.062{C36AC009-72B5-65EF-DA11-000000005403}5032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006259Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:08:04.309{C36AC009-72B4-65EF-D911-000000005403}3052C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006258Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:08:03.556{C36AC009-72B3-65EF-D811-000000005403}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006257Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:08:02.806{C36AC009-72B2-65EF-D711-000000005403}1000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006256Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:07:05.702{C36AC009-7279-65EF-D611-000000005403}4352C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006255Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:07:05.061{C36AC009-7279-65EF-D511-000000005403}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006254Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:07:04.311{C36AC009-7278-65EF-D411-000000005403}3452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006253Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:07:03.554{C36AC009-7277-65EF-D311-000000005403}3744C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006252Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:07:02.804{C36AC009-7276-65EF-D211-000000005403}92C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006251Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:06:05.814{C36AC009-723D-65EF-D111-000000005403}1504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006250Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:06:05.063{C36AC009-723D-65EF-D011-000000005403}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006249Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:06:04.309{C36AC009-723C-65EF-CF11-000000005403}4476C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006248Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:06:03.559{C36AC009-723B-65EF-CE11-000000005403}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006247Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:06:02.800{C36AC009-723A-65EF-CD11-000000005403}4232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006246Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:05:05.713{C36AC009-7201-65EF-CC11-000000005403}4472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006245Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:05:05.056{C36AC009-7201-65EF-CB11-000000005403}2940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006244Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:05:04.301{C36AC009-7200-65EF-CA11-000000005403}3228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006243Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:05:03.551{C36AC009-71FF-65EF-C911-000000005403}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006242Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:05:02.797{C36AC009-71FE-65EF-C811-000000005403}3288C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006241Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:04:11.343{C36AC009-71CB-65EF-C711-000000005403}2328C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006240Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:04:11.303{C36AC009-71CB-65EF-C611-000000005403}4800C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006239Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:04:11.267{C36AC009-71CB-65EF-C511-000000005403}3860C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006238Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:04:11.202{C36AC009-71CB-65EF-C311-000000005403}364C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006237Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:04:05.696{C36AC009-71C5-65EF-C211-000000005403}1040C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006236Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:04:05.060{C36AC009-71C5-65EF-C111-000000005403}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006235Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:04:04.310{C36AC009-71C4-65EF-C011-000000005403}3152C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006234Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:04:03.544{C36AC009-71C3-65EF-BF11-000000005403}3004C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006233Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:04:02.783{C36AC009-71C2-65EF-BE11-000000005403}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006232Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:03:05.580{C36AC009-7189-65EF-BD11-000000005403}4504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006231Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:03:04.980{C36AC009-7188-65EF-BC11-000000005403}1336C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006230Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:03:04.292{C36AC009-7188-65EF-BB11-000000005403}5116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006229Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:03:03.536{C36AC009-7187-65EF-BA11-000000005403}976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006228Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:03:02.780{C36AC009-7186-65EF-B911-000000005403}1132C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006227Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:02:05.679{C36AC009-714D-65EF-B811-000000005403}3580C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006226Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:02:04.914{C36AC009-714C-65EF-B711-000000005403}600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006225Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:02:04.167{C36AC009-714C-65EF-B611-000000005403}484C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006224Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:02:03.526{C36AC009-714B-65EF-B511-000000005403}4284C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006223Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:02:02.776{C36AC009-714A-65EF-B411-000000005403}1008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006222Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:01:05.682{C36AC009-7111-65EF-B311-000000005403}2884C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006221Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:01:04.925{C36AC009-7110-65EF-B211-000000005403}436C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006220Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:01:04.176{C36AC009-7110-65EF-B111-000000005403}3876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006219Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:01:03.528{C36AC009-710F-65EF-B011-000000005403}4192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006218Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:01:02.771{C36AC009-710E-65EF-AF11-000000005403}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006217Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:00:05.686{C36AC009-70D5-65EF-AE11-000000005403}372C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006216Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:00:05.061{C36AC009-70D5-65EF-AD11-000000005403}2088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006215Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:00:04.296{C36AC009-70D4-65EF-AC11-000000005403}4464C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006214Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:00:03.523{C36AC009-70D3-65EF-AB11-000000005403}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006213Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 21:00:02.765{C36AC009-70D2-65EF-AA11-000000005403}1172C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006212Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:59:11.336{C36AC009-709F-65EF-A911-000000005403}1600C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006211Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:59:11.296{C36AC009-709F-65EF-A811-000000005403}1040C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006210Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:59:11.260{C36AC009-709F-65EF-A711-000000005403}2460C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006209Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:59:11.196{C36AC009-709F-65EF-A511-000000005403}4980C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006208Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:59:05.708{C36AC009-7099-65EF-A411-000000005403}1776C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006207Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:59:05.027{C36AC009-7099-65EF-A311-000000005403}4400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006206Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:59:04.262{C36AC009-7098-65EF-A211-000000005403}4476C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006205Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:59:03.503{C36AC009-7097-65EF-A111-000000005403}1944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006204Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:59:02.745{C36AC009-7096-65EF-A011-000000005403}664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006203Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:58:05.545{C36AC009-705D-65EF-9F11-000000005403}2980C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006202Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:58:04.926{C36AC009-705C-65EF-9E11-000000005403}840C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006201Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:58:04.246{C36AC009-705C-65EF-9D11-000000005403}4868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006200Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:58:03.495{C36AC009-705B-65EF-9C11-000000005403}4836C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006199Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:58:02.736{C36AC009-705A-65EF-9B11-000000005403}2176C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006198Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:57:05.612{C36AC009-7021-65EF-9A11-000000005403}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006197Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:57:05.003{C36AC009-7021-65EF-9911-000000005403}1600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006196Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:57:04.237{C36AC009-7020-65EF-9811-000000005403}1040C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006195Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:57:03.483{C36AC009-701F-65EF-9711-000000005403}4392C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006194Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:57:02.733{C36AC009-701E-65EF-9611-000000005403}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006193Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:56:05.771{C36AC009-6FE5-65EF-9511-000000005403}3820C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006192Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:56:05.015{C36AC009-6FE5-65EF-9411-000000005403}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006191Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:56:04.250{C36AC009-6FE4-65EF-9311-000000005403}3776C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006190Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:56:03.484{C36AC009-6FE3-65EF-9211-000000005403}4940C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006189Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:56:02.731{C36AC009-6FE2-65EF-9111-000000005403}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006188Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:55:05.655{C36AC009-6FA9-65EF-9011-000000005403}3236C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006187Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:55:04.904{C36AC009-6FA8-65EF-8F11-000000005403}3416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006186Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:55:04.143{C36AC009-6FA8-65EF-8E11-000000005403}1412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006185Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:55:03.487{C36AC009-6FA7-65EF-8D11-000000005403}4600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006184Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:55:02.726{C36AC009-6FA6-65EF-8C11-000000005403}2056C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006183Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:54:11.334{C36AC009-6F73-65EF-8B11-000000005403}3540C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006182Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:54:11.294{C36AC009-6F73-65EF-8A11-000000005403}3320C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006181Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:54:11.259{C36AC009-6F73-65EF-8911-000000005403}4748C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006180Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:54:11.194{C36AC009-6F73-65EF-8711-000000005403}3596C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006179Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:54:05.670{C36AC009-6F6D-65EF-8611-000000005403}2884C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006178Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:54:04.971{C36AC009-6F6C-65EF-8511-000000005403}4892C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006177Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:54:04.221{C36AC009-6F6C-65EF-8411-000000005403}3876C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006176Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:54:03.480{C36AC009-6F6B-65EF-8311-000000005403}4192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006175Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:54:02.714{C36AC009-6F6A-65EF-8211-000000005403}2820C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006174Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:53:05.684{C36AC009-6F31-65EF-8111-000000005403}3040C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006173Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:53:05.004{C36AC009-6F31-65EF-8011-000000005403}3420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006172Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:53:04.238{C36AC009-6F30-65EF-7F11-000000005403}4432C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006171Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:53:03.477{C36AC009-6F2F-65EF-7E11-000000005403}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006170Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:53:02.715{C36AC009-6F2E-65EF-7D11-000000005403}1964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006169Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:52:05.632{C36AC009-6EF5-65EF-7C11-000000005403}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006168Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:52:04.986{C36AC009-6EF4-65EF-7B11-000000005403}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006167Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:52:04.222{C36AC009-6EF4-65EF-7A11-000000005403}3780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006166Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:52:03.475{C36AC009-6EF3-65EF-7911-000000005403}2216C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006165Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:52:02.710{C36AC009-6EF2-65EF-7811-000000005403}4228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006164Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:51:05.596{C36AC009-6EB9-65EF-7711-000000005403}4060C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006163Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:51:04.837{C36AC009-6EB8-65EF-7611-000000005403}5084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006162Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:51:04.086{C36AC009-6EB8-65EF-7511-000000005403}4312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006161Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:51:03.476{C36AC009-6EB7-65EF-7411-000000005403}4100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006160Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:51:02.715{C36AC009-6EB6-65EF-7311-000000005403}2940C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006159Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:50:05.699{C36AC009-6E7D-65EF-7211-000000005403}4492C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006158Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:50:04.949{C36AC009-6E7C-65EF-7111-000000005403}2056C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006157Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:50:04.186{C36AC009-6E7C-65EF-7011-000000005403}4916C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006156Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:50:03.468{C36AC009-6E7B-65EF-6F11-000000005403}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006155Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:50:02.703{C36AC009-6E7A-65EF-6E11-000000005403}856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006154Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:49:11.330{C36AC009-6E47-65EF-6D11-000000005403}3572C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006153Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:49:11.291{C36AC009-6E47-65EF-6C11-000000005403}4976C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006152Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:49:11.256{C36AC009-6E47-65EF-6B11-000000005403}4356C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006151Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:49:11.191{C36AC009-6E47-65EF-6911-000000005403}2240C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006150Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:49:05.748{C36AC009-6E41-65EF-6811-000000005403}3568C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006149Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:49:04.983{C36AC009-6E40-65EF-6711-000000005403}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006148Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:49:04.219{C36AC009-6E40-65EF-6611-000000005403}1376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006147Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:49:03.454{C36AC009-6E3F-65EF-6511-000000005403}4644C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006146Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:49:02.691{C36AC009-6E3E-65EF-6411-000000005403}2344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006145Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:48:05.676{C36AC009-6E05-65EF-6311-000000005403}3844C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006144Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:48:04.911{C36AC009-6E04-65EF-6211-000000005403}4404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006143Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:48:04.192{C36AC009-6E04-65EF-6111-000000005403}1116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006142Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:48:03.426{C36AC009-6E03-65EF-6011-000000005403}604C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006141Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:48:02.676{C36AC009-6E02-65EF-5F11-000000005403}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006140Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:47:05.613{C36AC009-6DC9-65EF-5E11-000000005403}3628C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006139Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:47:04.941{C36AC009-6DC8-65EF-5D11-000000005403}4928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006138Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:47:04.176{C36AC009-6DC8-65EF-5C11-000000005403}3656C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006137Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:47:03.426{C36AC009-6DC7-65EF-5B11-000000005403}296C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006136Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:47:02.661{C36AC009-6DC6-65EF-5A11-000000005403}708C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006135Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:46:05.591{C36AC009-6D8D-65EF-5911-000000005403}4388C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006134Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:46:04.841{C36AC009-6D8C-65EF-5811-000000005403}3864C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006133Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:46:04.075{C36AC009-6D8C-65EF-5711-000000005403}2504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006132Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:46:03.403{C36AC009-6D8B-65EF-5611-000000005403}4372C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006131Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:46:02.651{C36AC009-6D8A-65EF-5511-000000005403}3228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006130Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:45:05.637{C36AC009-6D51-65EF-5411-000000005403}2300C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006129Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:45:04.901{C36AC009-6D50-65EF-5311-000000005403}4740C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006128Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:45:04.151{C36AC009-6D50-65EF-5211-000000005403}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006127Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:45:03.400{C36AC009-6D4F-65EF-5111-000000005403}688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006126Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:45:02.648{C36AC009-6D4E-65EF-5011-000000005403}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006125Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:44:11.322{C36AC009-6D1B-65EF-4F11-000000005403}4764C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006124Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:44:11.284{C36AC009-6D1B-65EF-4E11-000000005403}2088C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006123Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:44:11.247{C36AC009-6D1B-65EF-4D11-000000005403}2268C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006122Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:44:11.183{C36AC009-6D1B-65EF-4B11-000000005403}5040C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006121Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:44:05.553{C36AC009-6D15-65EF-4A11-000000005403}400C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006120Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:44:04.925{C36AC009-6D14-65EF-4911-000000005403}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006119Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:44:04.159{C36AC009-6D14-65EF-4811-000000005403}4192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006118Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:44:03.393{C36AC009-6D13-65EF-4711-000000005403}4644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006117Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:44:02.638{C36AC009-6D12-65EF-4611-000000005403}2660C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006116Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:43:05.439{C36AC009-6CD9-65EF-4511-000000005403}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006115Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:43:04.812{C36AC009-6CD8-65EF-4411-000000005403}1964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006114Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:43:04.140{C36AC009-6CD8-65EF-4311-000000005403}3460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006113Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:43:03.372{C36AC009-6CD7-65EF-4211-000000005403}4420C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006112Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:43:02.619{C36AC009-6CD6-65EF-4111-000000005403}4704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006111Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:42:05.485{C36AC009-6C9D-65EF-4011-000000005403}4236C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006110Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:42:04.720{C36AC009-6C9C-65EF-3F11-000000005403}4168C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006109Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:42:03.975{C36AC009-6C9B-65EF-3E11-000000005403}4868C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006108Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:42:03.381{C36AC009-6C9B-65EF-3D11-000000005403}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006107Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:42:02.616{C36AC009-6C9A-65EF-3C11-000000005403}3052C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006106Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:41:05.633{C36AC009-6C61-65EF-3B11-000000005403}2392C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006105Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:41:04.864{C36AC009-6C60-65EF-3A11-000000005403}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006104Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:41:04.110{C36AC009-6C60-65EF-3911-000000005403}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006103Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:41:03.360{C36AC009-6C5F-65EF-3811-000000005403}4824C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006102Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:41:02.606{C36AC009-6C5E-65EF-3711-000000005403}2504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006101Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:40:05.624{C36AC009-6C25-65EF-3611-000000005403}2308C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006100Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:40:04.873{C36AC009-6C24-65EF-3511-000000005403}3424C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006099Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:40:04.119{C36AC009-6C24-65EF-3411-000000005403}4140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006098Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:40:03.353{C36AC009-6C23-65EF-3311-000000005403}3816C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006097Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:40:02.599{C36AC009-6C22-65EF-3211-000000005403}4244C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006096Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:39:11.320{C36AC009-6BEF-65EF-3111-000000005403}4880C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006095Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:39:11.282{C36AC009-6BEF-65EF-3011-000000005403}3052C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006094Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:39:11.247{C36AC009-6BEF-65EF-2F11-000000005403}3040C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006093Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:39:11.182{C36AC009-6BEF-65EF-2D11-000000005403}3360C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006092Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:39:05.547{C36AC009-6BE9-65EF-2C11-000000005403}2884C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006091Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:39:04.850{C36AC009-6BE8-65EF-2B11-000000005403}4208C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006090Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:39:04.100{C36AC009-6BE8-65EF-2A11-000000005403}1484C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006089Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:39:03.345{C36AC009-6BE7-65EF-2911-000000005403}400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006088Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:39:02.591{C36AC009-6BE6-65EF-2811-000000005403}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006087Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:38:05.156{C36AC009-6BAD-65EF-2711-000000005403}3668C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006086Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:38:04.531{C36AC009-6BAC-65EF-2611-000000005403}724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006085Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:38:03.906{C36AC009-6BAB-65EF-2511-000000005403}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006084Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:38:03.291{C36AC009-6BAB-65EF-2411-000000005403}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006083Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:38:02.583{C36AC009-6BAA-65EF-2311-000000005403}3188C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006082Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:37:05.600{C36AC009-6B71-65EF-2211-000000005403}4920C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006081Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:37:04.845{C36AC009-6B70-65EF-2111-000000005403}764C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006080Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:37:04.095{C36AC009-6B70-65EF-2011-000000005403}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006079Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:37:03.345{C36AC009-6B6F-65EF-1F11-000000005403}296C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006078Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:37:02.579{C36AC009-6B6E-65EF-1E11-000000005403}2168C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006077Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:36:05.435{C36AC009-6B35-65EF-1D11-000000005403}1756C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006076Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:36:04.845{C36AC009-6B34-65EF-1C11-000000005403}1956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006075Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:36:04.090{C36AC009-6B34-65EF-1B11-000000005403}1096C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006074Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:36:03.324{C36AC009-6B33-65EF-1A11-000000005403}876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006073Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:36:02.571{C36AC009-6B32-65EF-1911-000000005403}508C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006072Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:35:05.597{C36AC009-6AF9-65EF-1811-000000005403}4492C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006071Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:35:04.832{C36AC009-6AF8-65EF-1711-000000005403}4284C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006070Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:35:04.060{C36AC009-6AF8-65EF-1611-000000005403}3744C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006069Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:35:03.315{C36AC009-6AF7-65EF-1511-000000005403}4020C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006068Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:35:02.560{C36AC009-6AF6-65EF-1411-000000005403}4484C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006067Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:34:11.322{C36AC009-6AC3-65EF-1311-000000005403}308C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006066Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:34:11.283{C36AC009-6AC3-65EF-1211-000000005403}3596C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006065Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:34:11.247{C36AC009-6AC3-65EF-1111-000000005403}4184C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006064Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:34:11.183{C36AC009-6AC3-65EF-0F11-000000005403}3988C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006063Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:34:05.598{C36AC009-6ABD-65EF-0E11-000000005403}2352C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006062Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:34:04.833{C36AC009-6ABC-65EF-0D11-000000005403}3448C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006061Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:34:04.073{C36AC009-6ABC-65EF-0C11-000000005403}2080C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006060Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:34:03.315{C36AC009-6ABB-65EF-0B11-000000005403}4548C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006059Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:34:02.556{C36AC009-6ABA-65EF-0A11-000000005403}3568C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006058Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:33:05.339{C36AC009-6A81-65EF-0911-000000005403}2388C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006057Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:33:04.721{C36AC009-6A80-65EF-0811-000000005403}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006056Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:33:04.049{C36AC009-6A80-65EF-0711-000000005403}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006055Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:33:03.297{C36AC009-6A7F-65EF-0611-000000005403}4432C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006054Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:33:02.538{C36AC009-6A7E-65EF-0511-000000005403}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006053Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:32:05.501{C36AC009-6A45-65EF-0411-000000005403}4424C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006052Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:32:04.798{C36AC009-6A44-65EF-0311-000000005403}1876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006051Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:32:04.045{C36AC009-6A44-65EF-0211-000000005403}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006050Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:32:03.298{C36AC009-6A43-65EF-0111-000000005403}4984C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006049Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:32:02.532{C36AC009-6A42-65EF-0011-000000005403}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006048Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:31:05.560{C36AC009-6A09-65EF-FF10-000000005403}1484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006047Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:31:04.800{C36AC009-6A08-65EF-FE10-000000005403}2936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006046Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:31:04.027{C36AC009-6A08-65EF-FD10-000000005403}4796C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006045Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:31:03.291{C36AC009-6A07-65EF-FC10-000000005403}4456C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006044Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:31:02.535{C36AC009-6A06-65EF-FB10-000000005403}2492C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006043Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:30:05.549{C36AC009-69CD-65EF-FA10-000000005403}3844C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006042Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:30:04.789{C36AC009-69CC-65EF-F910-000000005403}4112C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006041Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:30:04.039{C36AC009-69CC-65EF-F810-000000005403}4888C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006040Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:30:03.284{C36AC009-69CB-65EF-F710-000000005403}4360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006039Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:30:02.528{C36AC009-69CA-65EF-F610-000000005403}600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006038Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:29:11.311{C36AC009-6997-65EF-F510-000000005403}4792C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006037Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:29:11.271{C36AC009-6997-65EF-F410-000000005403}4268C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006036Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:29:11.235{C36AC009-6997-65EF-F310-000000005403}1004C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006035Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:29:11.171{C36AC009-6997-65EF-F110-000000005403}4168C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006034Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:29:05.558{C36AC009-6991-65EF-F010-000000005403}4396C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006033Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:29:04.786{C36AC009-6990-65EF-EF10-000000005403}4764C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006032Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:29:04.036{C36AC009-6990-65EF-EE10-000000005403}2992C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006031Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:29:03.286{C36AC009-698F-65EF-ED10-000000005403}3148C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006030Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:29:02.531{C36AC009-698E-65EF-EC10-000000005403}4352C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006029Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:28:05.568{C36AC009-6955-65EF-EB10-000000005403}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006028Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:28:04.803{C36AC009-6954-65EF-EA10-000000005403}4672C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006027Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:28:04.053{C36AC009-6954-65EF-E910-000000005403}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006026Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:28:03.295{C36AC009-6953-65EF-E810-000000005403}3400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006025Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:28:02.530{C36AC009-6952-65EF-E710-000000005403}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006024Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:27:05.436{C36AC009-6919-65EF-E610-000000005403}4236C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006023Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:27:04.799{C36AC009-6918-65EF-E510-000000005403}5092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006022Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:27:04.038{C36AC009-6918-65EF-E410-000000005403}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006021Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:27:03.287{C36AC009-6917-65EF-E310-000000005403}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006020Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:27:02.525{C36AC009-6916-65EF-E210-000000005403}308C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006019Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:26:05.545{C36AC009-68DD-65EF-E110-000000005403}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006018Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:26:04.780{C36AC009-68DC-65EF-E010-000000005403}1376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006017Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:26:04.017{C36AC009-68DC-65EF-DF10-000000005403}3820C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006016Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:26:03.254{C36AC009-68DB-65EF-DE10-000000005403}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006015Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:26:02.504{C36AC009-68DA-65EF-DD10-000000005403}2900C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006014Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:25:05.429{C36AC009-68A1-65EF-DC10-000000005403}3484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006013Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:25:04.788{C36AC009-68A0-65EF-DB10-000000005403}3048C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006012Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:25:04.038{C36AC009-68A0-65EF-DA10-000000005403}1952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006011Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:25:03.275{C36AC009-689F-65EF-D910-000000005403}2184C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006010Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:25:02.511{C36AC009-689E-65EF-D810-000000005403}4424C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006009Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:24:11.293{C36AC009-686B-65EF-D710-000000005403}3236C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006008Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:24:11.255{C36AC009-686B-65EF-D610-000000005403}3600C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006007Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:24:11.218{C36AC009-686B-65EF-D510-000000005403}2088C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006006Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:24:11.154{C36AC009-686B-65EF-D310-000000005403}1140C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000006005Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:24:05.532{C36AC009-6865-65EF-D210-000000005403}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006004Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:24:04.768{C36AC009-6864-65EF-D110-000000005403}5000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006003Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:24:04.004{C36AC009-6864-65EF-D010-000000005403}3568C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006002Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:24:03.254{C36AC009-6863-65EF-CF10-000000005403}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006001Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:24:02.489{C36AC009-6862-65EF-CE10-000000005403}1596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006000Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:23:05.282{C36AC009-6829-65EF-CD10-000000005403}5016C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005999Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:23:04.659{C36AC009-6828-65EF-CC10-000000005403}1380C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005998Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:23:04.003{C36AC009-6828-65EF-CB10-000000005403}4020C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005997Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:23:03.238{C36AC009-6827-65EF-CA10-000000005403}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005996Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:23:02.474{C36AC009-6826-65EF-C910-000000005403}2996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005995Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:22:05.352{C36AC009-67ED-65EF-C810-000000005403}4952C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005994Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:22:04.587{C36AC009-67EC-65EF-C710-000000005403}4752C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005993Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:22:03.837{C36AC009-67EB-65EF-C610-000000005403}1504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005992Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:22:03.228{C36AC009-67EB-65EF-C510-000000005403}3784C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005991Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:22:02.479{C36AC009-67EA-65EF-C410-000000005403}4112C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005990Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:21:05.513{C36AC009-67B1-65EF-C310-000000005403}1996C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005989Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:21:04.763{C36AC009-67B0-65EF-C210-000000005403}216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005988Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:21:04.013{C36AC009-67B0-65EF-C110-000000005403}92C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005987Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:21:03.248{C36AC009-67AF-65EF-C010-000000005403}604C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005986Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:21:02.482{C36AC009-67AE-65EF-BF10-000000005403}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005985Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:20:05.489{C36AC009-6775-65EF-BE10-000000005403}1876C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005984Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:20:04.724{C36AC009-6774-65EF-BD10-000000005403}996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005983Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:20:03.973{C36AC009-6773-65EF-BC10-000000005403}1016C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005982Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:20:03.238{C36AC009-6773-65EF-BB10-000000005403}4228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005981Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:20:02.473{C36AC009-6772-65EF-BA10-000000005403}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005980Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:19:11.281{C36AC009-673F-65EF-B910-000000005403}4600C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005979Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:19:11.241{C36AC009-673F-65EF-B810-000000005403}2080C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005978Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:19:11.205{C36AC009-673F-65EF-B710-000000005403}3672C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005977Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:19:11.141{C36AC009-673F-65EF-B510-000000005403}3412C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005976Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:19:05.503{C36AC009-6739-65EF-B410-000000005403}1604C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005975Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:19:04.752{C36AC009-6738-65EF-B310-000000005403}136C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005974Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:19:03.986{C36AC009-6737-65EF-B210-000000005403}3032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005973Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:19:03.235{C36AC009-6737-65EF-B110-000000005403}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005972Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:19:02.483{C36AC009-6736-65EF-B010-000000005403}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005971Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:18:05.515{C36AC009-66FD-65EF-AF10-000000005403}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005970Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:18:04.763{C36AC009-66FC-65EF-AE10-000000005403}484C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005969Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:18:04.007{C36AC009-66FC-65EF-AD10-000000005403}4724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005968Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:18:03.241{C36AC009-66FB-65EF-AC10-000000005403}4496C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005967Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:18:02.473{C36AC009-66FA-65EF-AB10-000000005403}3628C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005966Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:17:05.401{C36AC009-66C1-65EF-AA10-000000005403}2352C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005965Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:17:04.760{C36AC009-66C0-65EF-A910-000000005403}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005964Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:17:04.007{C36AC009-66C0-65EF-A810-000000005403}4600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005963Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:17:03.239{C36AC009-66BF-65EF-A710-000000005403}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005962Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:17:02.473{C36AC009-66BE-65EF-A610-000000005403}3444C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005961Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:16:05.457{C36AC009-6685-65EF-A510-000000005403}4472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005960Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:16:04.704{C36AC009-6684-65EF-A410-000000005403}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005959Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:16:03.951{C36AC009-6683-65EF-A310-000000005403}600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005958Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:16:03.216{C36AC009-6683-65EF-A210-000000005403}4284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005957Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:16:02.463{C36AC009-6682-65EF-A110-000000005403}4652C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005956Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:15:05.464{C36AC009-6649-65EF-A010-000000005403}4928C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005955Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:15:04.711{C36AC009-6648-65EF-9F10-000000005403}308C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005954Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:15:03.961{C36AC009-6647-65EF-9E10-000000005403}3572C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005953Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:15:03.208{C36AC009-6647-65EF-9D10-000000005403}3712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005952Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:15:02.454{C36AC009-6646-65EF-9C10-000000005403}3036C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005951Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:14:11.267{C36AC009-6613-65EF-9B10-000000005403}4892C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005950Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:14:11.227{C36AC009-6613-65EF-9A10-000000005403}2820C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005949Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:14:11.192{C36AC009-6613-65EF-9910-000000005403}912C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005948Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:14:11.127{C36AC009-6613-65EF-9710-000000005403}2076C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005947Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:14:05.462{C36AC009-660D-65EF-9610-000000005403}3580C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005946Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:14:04.704{C36AC009-660C-65EF-9510-000000005403}4240C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005945Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:14:03.954{C36AC009-660B-65EF-9410-000000005403}4464C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005944Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:14:03.200{C36AC009-660B-65EF-9310-000000005403}4672C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005943Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:14:02.446{C36AC009-660A-65EF-9210-000000005403}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005942Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:13:05.469{C36AC009-65D1-65EF-9110-000000005403}2196C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005941Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:13:04.714{C36AC009-65D0-65EF-9010-000000005403}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005940Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:13:03.964{C36AC009-65CF-65EF-8F10-000000005403}4984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005939Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:13:03.205{C36AC009-65CF-65EF-8E10-000000005403}1868C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005938Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:13:02.439{C36AC009-65CE-65EF-8D10-000000005403}1272C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005937Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:12:05.591{C36AC009-6595-65EF-8C10-000000005403}4532C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005936Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:12:04.835{C36AC009-6594-65EF-8B10-000000005403}2988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005935Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:12:04.080{C36AC009-6594-65EF-8A10-000000005403}5036C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005934Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:12:03.314{C36AC009-6593-65EF-8910-000000005403}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005933Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:12:02.559{C36AC009-6592-65EF-8810-000000005403}1604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005932Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:11:05.565{C36AC009-6559-65EF-8710-000000005403}2632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005931Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:11:04.809{C36AC009-6558-65EF-8610-000000005403}2308C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005930Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:11:04.059{C36AC009-6558-65EF-8510-000000005403}3264C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005929Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:11:03.303{C36AC009-6557-65EF-8410-000000005403}4140C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005928Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:11:02.547{C36AC009-6556-65EF-8310-000000005403}1096C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005927Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:10:05.545{C36AC009-651D-65EF-8210-000000005403}876C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005926Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:10:04.782{C36AC009-651C-65EF-8110-000000005403}4764C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005925Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:10:04.032{C36AC009-651C-65EF-8010-000000005403}3148C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005924Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:10:03.290{C36AC009-651B-65EF-7F10-000000005403}300C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005923Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:10:02.534{C36AC009-651A-65EF-7E10-000000005403}2088C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005922Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:09:11.255{C36AC009-64E7-65EF-7D10-000000005403}484C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005921Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:09:11.216{C36AC009-64E7-65EF-7C10-000000005403}528C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005920Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:09:11.180{C36AC009-64E7-65EF-7B10-000000005403}3556C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005919Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:09:11.114{C36AC009-64E7-65EF-7910-000000005403}3396C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005918Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:09:05.469{C36AC009-64E1-65EF-7810-000000005403}3260C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005917Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:09:04.703{C36AC009-64E0-65EF-7710-000000005403}4200C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005916Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:09:03.946{C36AC009-64DF-65EF-7610-000000005403}4956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005915Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:09:03.282{C36AC009-64DF-65EF-7510-000000005403}2236C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005914Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:09:02.516{C36AC009-64DE-65EF-7410-000000005403}588C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005913Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:08:05.503{C36AC009-64A5-65EF-7310-000000005403}4912C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005912Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:08:04.753{C36AC009-64A4-65EF-7210-000000005403}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005911Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:08:04.002{C36AC009-64A4-65EF-7110-000000005403}4168C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005910Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:08:03.252{C36AC009-64A3-65EF-7010-000000005403}4928C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005909Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:08:02.502{C36AC009-64A2-65EF-6F10-000000005403}348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005906Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:07:05.535{C36AC009-6469-65EF-6D10-000000005403}4480C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005905Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:07:04.785{C36AC009-6468-65EF-6C10-000000005403}3544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005904Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:07:04.019{C36AC009-6468-65EF-6B10-000000005403}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005903Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:07:03.265{C36AC009-6467-65EF-6A10-000000005403}2156C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005902Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:07:02.499{C36AC009-6466-65EF-6910-000000005403}4676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005901Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:06:05.542{C36AC009-642D-65EF-6810-000000005403}1600C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005900Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:06:04.776{C36AC009-642C-65EF-6710-000000005403}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005899Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:06:04.017{C36AC009-642C-65EF-6610-000000005403}4960C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005898Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:06:03.258{C36AC009-642B-65EF-6510-000000005403}2828C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005897Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:06:02.493{C36AC009-642A-65EF-6410-000000005403}2444C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005896Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:05:05.505{C36AC009-63F1-65EF-6310-000000005403}1960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005895Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:05:04.761{C36AC009-63F0-65EF-6210-000000005403}3120C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005894Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:05:03.987{C36AC009-63EF-65EF-6110-000000005403}4856C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005893Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:05:03.236{C36AC009-63EF-65EF-6010-000000005403}2888C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005892Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:05:02.476{C36AC009-63EE-65EF-5F10-000000005403}4272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005891Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:04:11.240{C36AC009-63BB-65EF-5E10-000000005403}1996C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005890Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:04:11.201{C36AC009-63BB-65EF-5D10-000000005403}4596C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005889Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:04:11.165{C36AC009-63BB-65EF-5C10-000000005403}4936C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005888Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:04:11.100{C36AC009-63BB-65EF-5A10-000000005403}1268C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005887Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:04:05.463{C36AC009-63B5-65EF-5910-000000005403}3188C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005886Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:04:04.708{C36AC009-63B4-65EF-5810-000000005403}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005885Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:04:03.959{C36AC009-63B3-65EF-5710-000000005403}3524C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005884Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:04:03.224{C36AC009-63B3-65EF-5610-000000005403}1036C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005883Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:04:02.469{C36AC009-63B2-65EF-5510-000000005403}4460C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005882Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:03:05.390{C36AC009-6379-65EF-5410-000000005403}2084C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005881Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:03:04.624{C36AC009-6378-65EF-5310-000000005403}348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005880Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:03:03.868{C36AC009-6377-65EF-5210-000000005403}4280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005879Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:03:03.211{C36AC009-6377-65EF-5110-000000005403}3236C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005878Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:03:02.461{C36AC009-6376-65EF-5010-000000005403}3036C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005877Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:02:05.474{C36AC009-633D-65EF-4F10-000000005403}2344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005876Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:02:04.724{C36AC009-633C-65EF-4E10-000000005403}2940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005875Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:02:03.963{C36AC009-633B-65EF-4D10-000000005403}4208C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005874Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:02:03.201{C36AC009-633B-65EF-4C10-000000005403}3368C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005873Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:02:02.439{C36AC009-633A-65EF-4B10-000000005403}4100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005872Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:01:05.177{C36AC009-6301-65EF-4A10-000000005403}3160C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005871Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:01:04.552{C36AC009-6300-65EF-4910-000000005403}4652C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005870Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:01:03.927{C36AC009-62FF-65EF-4810-000000005403}4140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005869Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:01:03.212{C36AC009-62FF-65EF-4710-000000005403}4484C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005868Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:01:02.449{C36AC009-62FE-65EF-4610-000000005403}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005867Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:00:05.466{C36AC009-62C5-65EF-4510-000000005403}3520C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005866Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:00:04.718{C36AC009-62C4-65EF-4410-000000005403}4184C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005865Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:00:03.955{C36AC009-62C3-65EF-4310-000000005403}436C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005864Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:00:03.190{C36AC009-62C3-65EF-4210-000000005403}2660C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005863Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 20:00:02.427{C36AC009-62C2-65EF-4110-000000005403}3436C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005862Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:59:11.228{C36AC009-628F-65EF-4010-000000005403}1992C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005861Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:59:11.189{C36AC009-628F-65EF-3F10-000000005403}2808C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005860Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:59:11.152{C36AC009-628F-65EF-3E10-000000005403}3032C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005859Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:59:11.087{C36AC009-628F-65EF-3C10-000000005403}2156C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005858Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:59:05.280{C36AC009-6289-65EF-3B10-000000005403}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005857Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:59:04.534{C36AC009-6288-65EF-3A10-000000005403}708C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005856Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:59:03.783{C36AC009-6287-65EF-3910-000000005403}1540C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005855Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:59:03.160{C36AC009-6287-65EF-3810-000000005403}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005854Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:59:02.410{C36AC009-6286-65EF-3710-000000005403}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005853Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:58:05.361{C36AC009-624D-65EF-3610-000000005403}4496C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005852Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:58:04.595{C36AC009-624C-65EF-3510-000000005403}1016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005851Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:58:03.831{C36AC009-624B-65EF-3410-000000005403}2216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005850Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:58:03.161{C36AC009-624B-65EF-3310-000000005403}296C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005849Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:58:02.396{C36AC009-624A-65EF-3210-000000005403}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005848Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:57:05.317{C36AC009-6211-65EF-3110-000000005403}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005847Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:57:04.692{C36AC009-6210-65EF-3010-000000005403}2676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005846Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:57:03.928{C36AC009-620F-65EF-2F10-000000005403}136C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005845Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:57:03.163{C36AC009-620F-65EF-2E10-000000005403}4640C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005844Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:57:02.397{C36AC009-620E-65EF-2D10-000000005403}2940C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005843Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:56:05.371{C36AC009-61D5-65EF-2C10-000000005403}3188C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005842Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:56:04.609{C36AC009-61D4-65EF-2B10-000000005403}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005841Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:56:03.844{C36AC009-61D3-65EF-2A10-000000005403}1056C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005840Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:56:03.156{C36AC009-61D3-65EF-2910-000000005403}2728C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005839Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:56:02.391{C36AC009-61D2-65EF-2810-000000005403}2252C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005838Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:55:05.407{C36AC009-6199-65EF-2710-000000005403}3052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005837Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:55:04.641{C36AC009-6198-65EF-2610-000000005403}4764C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005836Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:55:03.879{C36AC009-6197-65EF-2510-000000005403}4624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005835Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:55:03.129{C36AC009-6197-65EF-2410-000000005403}1264C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005834Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:55:02.379{C36AC009-6196-65EF-2310-000000005403}2812C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005832Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:54:11.213{C36AC009-6163-65EF-2210-000000005403}4644C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005831Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:54:11.174{C36AC009-6163-65EF-2110-000000005403}4640C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005830Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:54:11.138{C36AC009-6163-65EF-2010-000000005403}3116C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005829Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:54:11.072{C36AC009-6163-65EF-1E10-000000005403}896C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005828Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:54:05.405{C36AC009-615D-65EF-1D10-000000005403}2808C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005827Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:54:04.654{C36AC009-615C-65EF-1C10-000000005403}4912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005826Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:54:03.888{C36AC009-615B-65EF-1B10-000000005403}5064C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005825Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:54:03.135{C36AC009-615B-65EF-1A10-000000005403}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005824Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:54:02.372{C36AC009-615A-65EF-1910-000000005403}1236C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005823Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:53:05.202{C36AC009-6121-65EF-1810-000000005403}3060C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005822Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:53:04.450{C36AC009-6120-65EF-1710-000000005403}2188C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005821Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:53:03.700{C36AC009-611F-65EF-1610-000000005403}4964C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005820Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:53:03.106{C36AC009-611F-65EF-1510-000000005403}1944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005819Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:53:02.353{C36AC009-611E-65EF-1410-000000005403}4920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005818Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:52:05.384{C36AC009-60E5-65EF-1310-000000005403}3120C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005817Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:52:04.618{C36AC009-60E4-65EF-1210-000000005403}4780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005816Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:52:03.866{C36AC009-60E3-65EF-1110-000000005403}5000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005815Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:52:03.114{C36AC009-60E3-65EF-1010-000000005403}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005814Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:52:02.348{C36AC009-60E2-65EF-0F10-000000005403}2200C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005813Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:51:05.373{C36AC009-60A9-65EF-0E10-000000005403}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005812Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:51:04.608{C36AC009-60A8-65EF-0D10-000000005403}2520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005811Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:51:03.842{C36AC009-60A7-65EF-0C10-000000005403}4464C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005810Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:51:03.103{C36AC009-60A7-65EF-0B10-000000005403}4928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005809Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:51:02.337{C36AC009-60A6-65EF-0A10-000000005403}304C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005808Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:50:05.353{C36AC009-606D-65EF-0910-000000005403}3572C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005807Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:50:04.600{C36AC009-606C-65EF-0810-000000005403}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005806Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:50:03.847{C36AC009-606B-65EF-0710-000000005403}4300C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005805Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:50:03.097{C36AC009-606B-65EF-0610-000000005403}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005804Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:50:02.344{C36AC009-606A-65EF-0510-000000005403}3600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005803Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:49:11.198{C36AC009-6037-65EF-0410-000000005403}5068C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005802Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:49:11.158{C36AC009-6037-65EF-0310-000000005403}2076C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005801Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:49:11.122{C36AC009-6037-65EF-0210-000000005403}4752C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005800Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:49:11.057{C36AC009-6037-65EF-0010-000000005403}4724C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005799Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:49:05.366{C36AC009-6031-65EF-FF0F-000000005403}3628C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005798Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:49:04.612{C36AC009-6030-65EF-FE0F-000000005403}2492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005797Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:49:03.847{C36AC009-602F-65EF-FD0F-000000005403}4876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005796Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:49:03.093{C36AC009-602F-65EF-FC0F-000000005403}5020C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005795Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:49:02.339{C36AC009-602E-65EF-FB0F-000000005403}2736C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005794Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:48:05.224{C36AC009-5FF5-65EF-FA0F-000000005403}764C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005793Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:48:04.599{C36AC009-5FF4-65EF-F90F-000000005403}2936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005792Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:48:03.840{C36AC009-5FF3-65EF-F80F-000000005403}1948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005791Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:48:03.074{C36AC009-5FF3-65EF-F70F-000000005403}4788C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005790Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:48:02.324{C36AC009-5FF2-65EF-F60F-000000005403}4256C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005789Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:47:05.346{C36AC009-5FB9-65EF-F50F-000000005403}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005788Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:47:04.587{C36AC009-5FB8-65EF-F40F-000000005403}4276C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005787Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:47:03.836{C36AC009-5FB7-65EF-F30F-000000005403}4948C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005786Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:47:03.081{C36AC009-5FB7-65EF-F20F-000000005403}3116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005785Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:47:02.326{C36AC009-5FB6-65EF-F10F-000000005403}4688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005784Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:46:05.365{C36AC009-5F7D-65EF-F00F-000000005403}4632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005783Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:46:04.610{C36AC009-5F7C-65EF-EF0F-000000005403}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005782Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:46:03.844{C36AC009-5F7B-65EF-EE0F-000000005403}3788C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005781Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:46:03.083{C36AC009-5F7B-65EF-ED0F-000000005403}4888C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005780Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:46:02.333{C36AC009-5F7A-65EF-EC0F-000000005403}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005779Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:45:05.325{C36AC009-5F41-65EF-EB0F-000000005403}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005778Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:45:04.569{C36AC009-5F40-65EF-EA0F-000000005403}2352C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005777Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:45:03.821{C36AC009-5F3F-65EF-E90F-000000005403}5092C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005776Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:45:03.071{C36AC009-5F3F-65EF-E80F-000000005403}1796C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005775Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:45:02.321{C36AC009-5F3E-65EF-E70F-000000005403}3372C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005774Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:44:11.184{C36AC009-5F0B-65EF-E60F-000000005403}2116C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005773Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:44:11.145{C36AC009-5F0B-65EF-E50F-000000005403}1992C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005772Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:44:11.109{C36AC009-5F0B-65EF-E40F-000000005403}3628C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005771Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:44:11.044{C36AC009-5F0B-65EF-E20F-000000005403}848C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005770Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:44:05.241{C36AC009-5F05-65EF-E10F-000000005403}3700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005769Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:44:04.484{C36AC009-5F04-65EF-E00F-000000005403}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005768Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:44:03.718{C36AC009-5F03-65EF-DF0F-000000005403}3400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005767Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:44:03.077{C36AC009-5F03-65EF-DE0F-000000005403}3876C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005766Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:44:02.312{C36AC009-5F02-65EF-DD0F-000000005403}4720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005765Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:43:05.350{C36AC009-5EC9-65EF-DC0F-000000005403}4176C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005764Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:43:04.584{C36AC009-5EC8-65EF-DB0F-000000005403}4916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005763Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:43:03.820{C36AC009-5EC7-65EF-DA0F-000000005403}5072C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005762Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:43:03.079{C36AC009-5EC7-65EF-D90F-000000005403}3600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005761Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:43:02.313{C36AC009-5EC6-65EF-D80F-000000005403}3568C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005760Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:42:05.244{C36AC009-5E8D-65EF-D70F-000000005403}4688C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005759Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:42:04.502{C36AC009-5E8C-65EF-D60F-000000005403}4724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005758Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:42:03.737{C36AC009-5E8B-65EF-D50F-000000005403}4380C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005757Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:42:03.065{C36AC009-5E8B-65EF-D40F-000000005403}3544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005756Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:42:02.307{C36AC009-5E8A-65EF-D30F-000000005403}4864C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005755Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:41:05.286{C36AC009-5E51-65EF-D20F-000000005403}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005754Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:41:04.536{C36AC009-5E50-65EF-D10F-000000005403}4312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005753Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:41:03.785{C36AC009-5E4F-65EF-D00F-000000005403}840C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005752Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:41:03.042{C36AC009-5E4F-65EF-CF0F-000000005403}4064C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005751Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:41:02.292{C36AC009-5E4E-65EF-CE0F-000000005403}1176C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005750Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:40:05.279{C36AC009-5E15-65EF-CD0F-000000005403}4460C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005749Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:40:04.520{C36AC009-5E14-65EF-CC0F-000000005403}4020C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005748Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:40:03.755{C36AC009-5E13-65EF-CB0F-000000005403}3684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005747Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:40:03.046{C36AC009-5E13-65EF-CA0F-000000005403}4436C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005746Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:40:02.296{C36AC009-5E12-65EF-C90F-000000005403}4308C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005745Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:39:11.176{C36AC009-5DDF-65EF-C80F-000000005403}5084C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005744Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:39:11.138{C36AC009-5DDF-65EF-C70F-000000005403}1004C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005743Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:39:11.101{C36AC009-5DDF-65EF-C60F-000000005403}1580C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005742Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:39:11.037{C36AC009-5DDF-65EF-C40F-000000005403}3260C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005741Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:39:05.271{C36AC009-5DD9-65EF-C30F-000000005403}720C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005740Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:39:04.583{C36AC009-5DD8-65EF-C20F-000000005403}1964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005739Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:39:03.823{C36AC009-5DD7-65EF-C10F-000000005403}304C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005738Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:39:03.053{C36AC009-5DD7-65EF-C00F-000000005403}4432C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005737Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:39:02.293{C36AC009-5DD6-65EF-BF0F-000000005403}2464C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005736Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:38:05.261{C36AC009-5D9D-65EF-BE0F-000000005403}4712C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005735Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:38:04.501{C36AC009-5D9C-65EF-BD0F-000000005403}5004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005734Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:38:03.737{C36AC009-5D9B-65EF-BC0F-000000005403}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005733Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:38:03.037{C36AC009-5D9B-65EF-BB0F-000000005403}3436C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005732Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:38:02.282{C36AC009-5D9A-65EF-BA0F-000000005403}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005731Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:37:05.317{C36AC009-5D61-65EF-B90F-000000005403}1040C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005730Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:37:04.552{C36AC009-5D60-65EF-B80F-000000005403}5084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005729Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:37:03.790{C36AC009-5D5F-65EF-B70F-000000005403}360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005728Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:37:03.045{C36AC009-5D5F-65EF-B60F-000000005403}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005727Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:37:02.283{C36AC009-5D5E-65EF-B50F-000000005403}3492C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005726Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:36:05.224{C36AC009-5D25-65EF-B40F-000000005403}1960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005725Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:36:04.459{C36AC009-5D24-65EF-B30F-000000005403}1176C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005724Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:36:03.698{C36AC009-5D23-65EF-B20F-000000005403}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005723Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:36:03.030{C36AC009-5D23-65EF-B10F-000000005403}1948C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005722Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:36:02.268{C36AC009-5D22-65EF-B00F-000000005403}348C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005721Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:35:05.249{C36AC009-5CE9-65EF-AF0F-000000005403}2012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005720Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:35:04.530{C36AC009-5CE8-65EF-AE0F-000000005403}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005719Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:35:03.771{C36AC009-5CE7-65EF-AD0F-000000005403}3772C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005718Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:35:03.021{C36AC009-5CE7-65EF-AC0F-000000005403}4400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005717Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:35:02.259{C36AC009-5CE6-65EF-AB0F-000000005403}3656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005716Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:34:11.165{C36AC009-5CB3-65EF-AA0F-000000005403}4676C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005715Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:34:11.125{C36AC009-5CB3-65EF-A90F-000000005403}5048C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005714Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:34:11.090{C36AC009-5CB3-65EF-A80F-000000005403}92C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005713Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:34:11.024{C36AC009-5CB3-65EF-A60F-000000005403}4812C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005712Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:34:05.303{C36AC009-5CAD-65EF-A50F-000000005403}3360C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005711Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:34:04.538{C36AC009-5CAC-65EF-A40F-000000005403}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005710Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:34:03.792{C36AC009-5CAB-65EF-A30F-000000005403}2328C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005709Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:34:03.028{C36AC009-5CAB-65EF-A20F-000000005403}3864C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005708Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:34:02.262{C36AC009-5CAA-65EF-A10F-000000005403}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005707Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:33:05.157{C36AC009-5C71-65EF-A00F-000000005403}3748C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005706Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:33:04.531{C36AC009-5C70-65EF-9F0F-000000005403}4616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005705Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:33:03.768{C36AC009-5C6F-65EF-9E0F-000000005403}5088C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005704Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:33:03.020{C36AC009-5C6F-65EF-9D0F-000000005403}2912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005703Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:33:02.255{C36AC009-5C6E-65EF-9C0F-000000005403}3448C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005702Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:32:05.310{C36AC009-5C35-65EF-9B0F-000000005403}3776C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005701Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:32:04.553{C36AC009-5C34-65EF-9A0F-000000005403}1956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005700Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:32:03.789{C36AC009-5C33-65EF-990F-000000005403}4844C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005699Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:32:03.025{C36AC009-5C33-65EF-980F-000000005403}724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005698Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:32:02.259{C36AC009-5C32-65EF-970F-000000005403}4836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005697Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:31:05.128{C36AC009-5BF9-65EF-960F-000000005403}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005696Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:31:04.364{C36AC009-5BF8-65EF-950F-000000005403}1172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005695Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:31:03.615{C36AC009-5BF7-65EF-940F-000000005403}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005694Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:31:03.025{C36AC009-5BF7-65EF-930F-000000005403}3264C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005693Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:31:02.259{C36AC009-5BF6-65EF-920F-000000005403}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005692Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:30:05.270{C36AC009-5BBD-65EF-910F-000000005403}4216C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005691Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:30:04.509{C36AC009-5BBC-65EF-900F-000000005403}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005690Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:30:03.743{C36AC009-5BBB-65EF-8F0F-000000005403}4344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005689Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:30:03.024{C36AC009-5BBB-65EF-8E0F-000000005403}4892C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005688Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:30:02.259{C36AC009-5BBA-65EF-8D0F-000000005403}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005687Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:29:11.162{C36AC009-5B87-65EF-8C0F-000000005403}4512C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005686Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:29:11.123{C36AC009-5B87-65EF-8B0F-000000005403}1348C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005685Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:29:11.087{C36AC009-5B87-65EF-8A0F-000000005403}5112C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005684Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:29:11.022{C36AC009-5B87-65EF-880F-000000005403}2736C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005683Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:29:05.280{C36AC009-5B81-65EF-870F-000000005403}4444C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005682Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:29:04.510{C36AC009-5B80-65EF-860F-000000005403}4240C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005681Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:29:03.753{C36AC009-5B7F-65EF-850F-000000005403}4440C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005680Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:29:03.003{C36AC009-5B7F-65EF-840F-000000005403}1268C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005679Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:29:02.237{C36AC009-5B7E-65EF-830F-000000005403}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005678Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:28:05.271{C36AC009-5B45-65EF-820F-000000005403}3148C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005677Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:28:04.506{C36AC009-5B44-65EF-810F-000000005403}3452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005676Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:28:03.743{C36AC009-5B43-65EF-800F-000000005403}4712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005675Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:28:02.987{C36AC009-5B42-65EF-7F0F-000000005403}436C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005674Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:28:02.221{C36AC009-5B42-65EF-7E0F-000000005403}4476C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005673Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:27:05.192{C36AC009-5B09-65EF-7D0F-000000005403}2264C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005672Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:27:04.495{C36AC009-5B08-65EF-7C0F-000000005403}4392C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005671Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:27:03.730{C36AC009-5B07-65EF-7B0F-000000005403}3572C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005670Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:27:02.964{C36AC009-5B06-65EF-7A0F-000000005403}2632C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005669Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:27:02.211{C36AC009-5B06-65EF-790F-000000005403}2104C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005668Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:26:05.258{C36AC009-5ACD-65EF-780F-000000005403}3440C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005667Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:26:04.492{C36AC009-5ACC-65EF-770F-000000005403}4660C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005666Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:26:03.741{C36AC009-5ACB-65EF-760F-000000005403}4404C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005665Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:26:02.977{C36AC009-5ACA-65EF-750F-000000005403}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005664Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:26:02.212{C36AC009-5ACA-65EF-740F-000000005403}5016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005663Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:25:05.039{C36AC009-5A91-65EF-730F-000000005403}4548C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005662Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:25:04.414{C36AC009-5A90-65EF-720F-000000005403}3744C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005661Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:25:03.727{C36AC009-5A8F-65EF-710F-000000005403}3424C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005660Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:25:02.969{C36AC009-5A8E-65EF-700F-000000005403}4272C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005659Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:25:02.203{C36AC009-5A8E-65EF-6F0F-000000005403}1360C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005658Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:24:11.146{C36AC009-5A5B-65EF-6E0F-000000005403}4796C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005657Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:24:11.108{C36AC009-5A5B-65EF-6D0F-000000005403}1956C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005656Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:24:11.071{C36AC009-5A5B-65EF-6C0F-000000005403}2348C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005655Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:24:11.007{C36AC009-5A5B-65EF-6A0F-000000005403}4512C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005654Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:24:05.141{C36AC009-5A55-65EF-690F-000000005403}504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005653Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:24:04.372{C36AC009-5A54-65EF-680F-000000005403}1992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005652Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:24:03.619{C36AC009-5A53-65EF-670F-000000005403}5116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005651Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:24:02.948{C36AC009-5A52-65EF-660F-000000005403}1096C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005650Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:24:02.195{C36AC009-5A52-65EF-650F-000000005403}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005649Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:23:05.214{C36AC009-5A19-65EF-640F-000000005403}4756C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005648Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:23:04.464{C36AC009-5A18-65EF-630F-000000005403}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005647Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:23:03.696{C36AC009-5A17-65EF-620F-000000005403}4788C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005646Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:23:02.938{C36AC009-5A16-65EF-610F-000000005403}4848C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005645Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:23:02.187{C36AC009-5A16-65EF-600F-000000005403}424C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005644Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:22:05.190{C36AC009-59DD-65EF-5F0F-000000005403}528C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005643Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:22:04.435{C36AC009-59DC-65EF-5E0F-000000005403}4208C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005642Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:22:03.685{C36AC009-59DB-65EF-5D0F-000000005403}4568C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005641Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:22:02.946{C36AC009-59DA-65EF-5C0F-000000005403}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005640Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:22:02.184{C36AC009-59DA-65EF-5B0F-000000005403}400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005639Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:21:05.218{C36AC009-59A1-65EF-5A0F-000000005403}2520C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005638Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:21:04.452{C36AC009-59A0-65EF-590F-000000005403}4236C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005637Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:21:03.697{C36AC009-599F-65EF-580F-000000005403}3348C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005636Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:21:02.941{C36AC009-599E-65EF-570F-000000005403}304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005635Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:21:02.172{C36AC009-599E-65EF-560F-000000005403}2996C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005634Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:20:05.030{C36AC009-5965-65EF-550F-000000005403}1264C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005633Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:20:04.292{C36AC009-5964-65EF-540F-000000005403}3520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005632Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:20:03.536{C36AC009-5963-65EF-530F-000000005403}2044C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005631Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:20:02.926{C36AC009-5962-65EF-520F-000000005403}3436C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005630Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:20:02.155{C36AC009-5962-65EF-510F-000000005403}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005629Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:19:11.144{C36AC009-592F-65EF-500F-000000005403}2076C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005628Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:19:11.104{C36AC009-592F-65EF-4F0F-000000005403}4152C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005627Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:19:11.069{C36AC009-592F-65EF-4E0F-000000005403}1184C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005626Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:19:11.004{C36AC009-592F-65EF-4C0F-000000005403}3368C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005625Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:19:05.146{C36AC009-5929-65EF-4B0F-000000005403}4496C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005624Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:19:04.390{C36AC009-5928-65EF-4A0F-000000005403}2492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005623Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:19:03.649{C36AC009-5927-65EF-490F-000000005403}4844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005622Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:19:02.899{C36AC009-5926-65EF-480F-000000005403}944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005621Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:19:02.143{C36AC009-5926-65EF-470F-000000005403}4836C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005620Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:18:04.600{C36AC009-58EC-65EF-460F-000000005403}1984C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005619Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:18:03.984{C36AC009-58EB-65EF-450F-000000005403}368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005618Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:18:03.359{C36AC009-58EB-65EF-440F-000000005403}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005617Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:18:02.743{C36AC009-58EA-65EF-430F-000000005403}5016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005616Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:18:02.142{C36AC009-58EA-65EF-420F-000000005403}4328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005615Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:17:05.019{C36AC009-58B1-65EF-410F-000000005403}4336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005614Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:17:04.262{C36AC009-58B0-65EF-400F-000000005403}4692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005613Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:17:03.505{C36AC009-58AF-65EF-3F0F-000000005403}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005612Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:17:02.895{C36AC009-58AE-65EF-3E0F-000000005403}3772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005611Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:17:02.145{C36AC009-58AE-65EF-3D0F-000000005403}4752C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005610Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:16:05.149{C36AC009-5875-65EF-3C0F-000000005403}360C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005609Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:16:04.399{C36AC009-5874-65EF-3B0F-000000005403}4060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005608Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:16:03.649{C36AC009-5873-65EF-3A0F-000000005403}5112C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005607Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:16:02.886{C36AC009-5872-65EF-390F-000000005403}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005606Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:16:02.120{C36AC009-5872-65EF-380F-000000005403}5064C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005605Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:15:04.999{C36AC009-5838-65EF-370F-000000005403}1960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005604Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:15:04.245{C36AC009-5838-65EF-360F-000000005403}4540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005603Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:15:03.480{C36AC009-5837-65EF-350F-000000005403}764C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005602Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:15:02.861{C36AC009-5836-65EF-340F-000000005403}3360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005601Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:15:02.111{C36AC009-5836-65EF-330F-000000005403}4352C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005600Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:14:11.142{C36AC009-5803-65EF-320F-000000005403}4944C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005599Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:14:11.103{C36AC009-5803-65EF-310F-000000005403}4892C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005598Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:14:11.066{C36AC009-5803-65EF-300F-000000005403}1576C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005597Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:14:11.001{C36AC009-5803-65EF-2E0F-000000005403}4752C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005596Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:14:05.136{C36AC009-57FD-65EF-2D0F-000000005403}892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005595Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:14:04.377{C36AC009-57FC-65EF-2C0F-000000005403}4940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005594Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:14:03.615{C36AC009-57FB-65EF-2B0F-000000005403}5108C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005593Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:14:02.860{C36AC009-57FA-65EF-2A0F-000000005403}400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005592Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:14:02.093{C36AC009-57FA-65EF-290F-000000005403}2264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005591Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:13:05.009{C36AC009-57C1-65EF-280F-000000005403}4484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005590Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:13:04.368{C36AC009-57C0-65EF-270F-000000005403}4388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005589Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:13:03.608{C36AC009-57BF-65EF-260F-000000005403}2172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005588Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:13:02.848{C36AC009-57BE-65EF-250F-000000005403}1176C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005587Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:13:02.087{C36AC009-57BE-65EF-240F-000000005403}1016C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005586Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:12:05.129{C36AC009-5785-65EF-230F-000000005403}4308C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005585Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:12:04.354{C36AC009-5784-65EF-220F-000000005403}4740C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005584Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:12:03.604{C36AC009-5783-65EF-210F-000000005403}4892C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005583Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:12:02.843{C36AC009-5782-65EF-200F-000000005403}2088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005582Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:12:02.083{C36AC009-5782-65EF-1F0F-000000005403}3656C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005581Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:11:04.964{C36AC009-5748-65EF-1E0F-000000005403}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005580Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:11:04.354{C36AC009-5748-65EF-1D0F-000000005403}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005579Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:11:03.604{C36AC009-5747-65EF-1C0F-000000005403}4460C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005578Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:11:02.848{C36AC009-5746-65EF-1B0F-000000005403}4676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005577Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:11:02.082{C36AC009-5746-65EF-1A0F-000000005403}5064C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005576Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:10:05.044{C36AC009-570D-65EF-190F-000000005403}2988C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005575Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:10:04.361{C36AC009-570C-65EF-180F-000000005403}5088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005574Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:10:03.595{C36AC009-570B-65EF-170F-000000005403}4548C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005573Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:10:02.823{C36AC009-570A-65EF-160F-000000005403}3484C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005572Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:10:02.072{C36AC009-570A-65EF-150F-000000005403}876C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005571Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:09:11.138{C36AC009-56D7-65EF-140F-000000005403}3556C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005570Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:09:11.098{C36AC009-56D7-65EF-130F-000000005403}1088C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005569Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:09:11.062{C36AC009-56D7-65EF-120F-000000005403}400C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005568Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:09:10.998{C36AC009-56D6-65EF-100F-000000005403}3592C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005567Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:09:05.078{C36AC009-56D1-65EF-0F0F-000000005403}4544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005566Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:09:04.331{C36AC009-56D0-65EF-0E0F-000000005403}3032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005565Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:09:03.569{C36AC009-56CF-65EF-0D0F-000000005403}3712C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005564Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:09:02.819{C36AC009-56CE-65EF-0C0F-000000005403}308C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005563Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:09:02.057{C36AC009-56CE-65EF-0B0F-000000005403}3812C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005562Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:08:05.038{C36AC009-5695-65EF-0A0F-000000005403}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005561Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:08:04.273{C36AC009-5694-65EF-090F-000000005403}508C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005560Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:08:03.510{C36AC009-5693-65EF-080F-000000005403}1732C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005559Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:08:02.809{C36AC009-5692-65EF-070F-000000005403}840C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005558Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:08:02.046{C36AC009-5692-65EF-060F-000000005403}2192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005557Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:07:05.085{C36AC009-5659-65EF-050F-000000005403}4416C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005556Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:07:04.322{C36AC009-5658-65EF-040F-000000005403}1128C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005555Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:07:03.558{C36AC009-5657-65EF-030F-000000005403}2252C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005554Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:07:02.810{C36AC009-5656-65EF-020F-000000005403}2828C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005553Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:07:02.044{C36AC009-5656-65EF-010F-000000005403}2168C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005552Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:06:04.915{C36AC009-561C-65EF-000F-000000005403}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005551Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:06:04.305{C36AC009-561C-65EF-FF0E-000000005403}4064C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005550Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:06:03.541{C36AC009-561B-65EF-FE0E-000000005403}1176C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005549Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:06:02.776{C36AC009-561A-65EF-FD0E-000000005403}4540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005548Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:06:02.026{C36AC009-561A-65EF-FC0E-000000005403}2496C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005547Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:05:04.981{C36AC009-55E0-65EF-FB0E-000000005403}3584C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005546Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:05:04.216{C36AC009-55E0-65EF-FA0E-000000005403}1756C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005545Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:05:03.452{C36AC009-55DF-65EF-F90E-000000005403}4384C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005544Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:05:02.779{C36AC009-55DE-65EF-F80E-000000005403}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005543Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:05:02.014{C36AC009-55DE-65EF-F70E-000000005403}4208C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005542Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:04:11.139{C36AC009-55AB-65EF-F60E-000000005403}4732C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005541Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:04:11.099{C36AC009-55AB-65EF-F50E-000000005403}3320C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005540Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:04:11.061{C36AC009-55AB-65EF-F40E-000000005403}4584C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005539Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:04:10.996{C36AC009-55AA-65EF-F20E-000000005403}360C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005538Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:04:05.009{C36AC009-55A5-65EF-F10E-000000005403}5052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005537Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:04:04.259{C36AC009-55A4-65EF-F00E-000000005403}4676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005536Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:04:03.509{C36AC009-55A3-65EF-EF0E-000000005403}484C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005535Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:04:02.760{C36AC009-55A2-65EF-EE0E-000000005403}4444C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005534Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:04:01.995{C36AC009-55A1-65EF-ED0E-000000005403}3568C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005533Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:03:04.878{C36AC009-5568-65EF-EC0E-000000005403}3680C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005532Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:03:04.237{C36AC009-5568-65EF-EB0E-000000005403}4020C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005531Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:03:03.487{C36AC009-5567-65EF-EA0E-000000005403}3424C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005530Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:03:02.737{C36AC009-5566-65EF-E90E-000000005403}2184C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005529Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:03:01.987{C36AC009-5565-65EF-E80E-000000005403}216C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005528Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:02:04.903{C36AC009-552C-65EF-E70E-000000005403}2392C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005527Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:02:04.246{C36AC009-552C-65EF-E60E-000000005403}3572C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005526Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:02:03.495{C36AC009-552B-65EF-E50E-000000005403}4984C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005525Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:02:02.729{C36AC009-552A-65EF-E40E-000000005403}212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005524Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:02:01.979{C36AC009-5529-65EF-E30E-000000005403}4912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005523Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:01:04.898{C36AC009-54F0-65EF-E20E-000000005403}2080C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005522Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:01:04.257{C36AC009-54F0-65EF-E10E-000000005403}1016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005521Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:01:03.505{C36AC009-54EF-65EF-E00E-000000005403}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005520Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:01:02.738{C36AC009-54EE-65EF-DF0E-000000005403}4212C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005519Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:01:01.988{C36AC009-54ED-65EF-DE0E-000000005403}600C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005518Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:00:04.918{C36AC009-54B4-65EF-DD0E-000000005403}3408C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005517Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:00:04.243{C36AC009-54B4-65EF-DC0E-000000005403}296C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005516Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:00:03.491{C36AC009-54B3-65EF-DB0E-000000005403}848C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005515Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:00:02.741{C36AC009-54B2-65EF-DA0E-000000005403}4492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005514Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 19:00:01.988{C36AC009-54B1-65EF-D90E-000000005403}2088C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005513Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:59:11.130{C36AC009-547F-65EF-D80E-000000005403}4468C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005512Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:59:11.090{C36AC009-547F-65EF-D70E-000000005403}3812C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005511Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:59:11.054{C36AC009-547F-65EF-D60E-000000005403}4508C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005510Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:59:10.988{C36AC009-547E-65EF-D40E-000000005403}2460C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005509Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:59:04.945{C36AC009-5478-65EF-D30E-000000005403}4676C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005508Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:59:04.239{C36AC009-5478-65EF-D20E-000000005403}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005507Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:59:03.489{C36AC009-5477-65EF-D10E-000000005403}3580C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005506Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:59:02.736{C36AC009-5476-65EF-D00E-000000005403}3876C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005505Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:59:01.983{C36AC009-5475-65EF-CF0E-000000005403}4356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005504Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:58:04.993{C36AC009-543C-65EF-CE0E-000000005403}5012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005503Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:58:04.240{C36AC009-543C-65EF-CD0E-000000005403}1360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005502Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:58:03.486{C36AC009-543B-65EF-CC0E-000000005403}4308C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005501Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:58:02.721{C36AC009-543A-65EF-CB0E-000000005403}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005500Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:58:01.967{C36AC009-5439-65EF-CA0E-000000005403}3332C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005499Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:57:04.999{C36AC009-5400-65EF-C90E-000000005403}4408C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005498Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:57:04.233{C36AC009-5400-65EF-C80E-000000005403}1944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005497Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:57:03.479{C36AC009-53FF-65EF-C70E-000000005403}4616C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005496Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:57:02.725{C36AC009-53FE-65EF-C60E-000000005403}360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005495Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:57:01.959{C36AC009-53FD-65EF-C50E-000000005403}2200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005494Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:56:04.956{C36AC009-53C4-65EF-C40E-000000005403}4540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005493Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:56:04.237{C36AC009-53C4-65EF-C30E-000000005403}2100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005492Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:56:03.487{C36AC009-53C3-65EF-C20E-000000005403}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005491Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:56:02.713{C36AC009-53C2-65EF-C10E-000000005403}3448C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005490Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:56:01.948{C36AC009-53C1-65EF-C00E-000000005403}4916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005489Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:55:04.805{C36AC009-5388-65EF-BF0E-000000005403}3956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005488Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:55:04.039{C36AC009-5388-65EF-BE0E-000000005403}4568C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005487Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:55:03.285{C36AC009-5387-65EF-BD0E-000000005403}4940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005486Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:55:02.686{C36AC009-5386-65EF-BC0E-000000005403}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005485Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:55:01.936{C36AC009-5385-65EF-BB0E-000000005403}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005483Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:54:11.126{C36AC009-5353-65EF-BA0E-000000005403}1876C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005482Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:54:11.087{C36AC009-5353-65EF-B90E-000000005403}3628C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005481Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:54:11.052{C36AC009-5353-65EF-B80E-000000005403}5052C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005480Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:54:10.986{C36AC009-5352-65EF-B60E-000000005403}4768C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005479Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:54:04.879{C36AC009-534C-65EF-B50E-000000005403}4164C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005478Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:54:04.201{C36AC009-534C-65EF-B40E-000000005403}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005477Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:54:03.445{C36AC009-534B-65EF-B30E-000000005403}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005476Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:54:02.695{C36AC009-534A-65EF-B20E-000000005403}1172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005475Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:54:01.940{C36AC009-5349-65EF-B10E-000000005403}1400C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005474Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:53:04.937{C36AC009-5310-65EF-B00E-000000005403}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005473Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:53:04.176{C36AC009-5310-65EF-AF0E-000000005403}3116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005472Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:53:03.426{C36AC009-530F-65EF-AE0E-000000005403}4948C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005471Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:53:02.676{C36AC009-530E-65EF-AD0E-000000005403}1272C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005470Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:53:01.929{C36AC009-530D-65EF-AC0E-000000005403}3408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005469Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:52:04.958{C36AC009-52D4-65EF-AB0E-000000005403}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005468Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:52:04.192{C36AC009-52D4-65EF-AA0E-000000005403}2152C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005467Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:52:03.435{C36AC009-52D3-65EF-A90E-000000005403}1580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005466Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:52:02.678{C36AC009-52D2-65EF-A80E-000000005403}1964C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005465Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:52:01.938{C36AC009-52D1-65EF-A70E-000000005403}4548C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005464Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:51:04.835{C36AC009-5298-65EF-A60E-000000005403}696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005463Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:51:04.186{C36AC009-5298-65EF-A50E-000000005403}3416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005462Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:51:03.436{C36AC009-5297-65EF-A40E-000000005403}3360C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005461Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:51:02.678{C36AC009-5296-65EF-A30E-000000005403}4212C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005460Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:51:01.936{C36AC009-5295-65EF-A20E-000000005403}4352C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005459Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:50:04.947{C36AC009-525C-65EF-A10E-000000005403}2888C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005458Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:50:04.188{C36AC009-525C-65EF-A00E-000000005403}2500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005457Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:50:03.430{C36AC009-525B-65EF-9F0E-000000005403}1180C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005456Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:50:02.680{C36AC009-525A-65EF-9E0E-000000005403}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005455Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:50:01.921{C36AC009-5259-65EF-9D0E-000000005403}1088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005454Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:49:11.126{C36AC009-5227-65EF-9C0E-000000005403}3744C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005453Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:49:11.085{C36AC009-5227-65EF-9B0E-000000005403}2348C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005452Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:49:11.048{C36AC009-5227-65EF-9A0E-000000005403}2620C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005451Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:49:10.984{C36AC009-5226-65EF-980E-000000005403}508C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005450Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:49:04.781{C36AC009-5220-65EF-970E-000000005403}1236C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005449Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:49:04.031{C36AC009-5220-65EF-960E-000000005403}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005448Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:49:03.281{C36AC009-521F-65EF-950E-000000005403}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005447Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:49:02.685{C36AC009-521E-65EF-940E-000000005403}4200C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005446Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:49:01.919{C36AC009-521D-65EF-930E-000000005403}2176C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005445Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:48:04.938{C36AC009-51E4-65EF-920E-000000005403}3292C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005444Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:48:04.188{C36AC009-51E4-65EF-910E-000000005403}4192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005443Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:48:03.435{C36AC009-51E3-65EF-900E-000000005403}216C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005442Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:48:02.685{C36AC009-51E2-65EF-8F0E-000000005403}4312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005441Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:48:01.919{C36AC009-51E1-65EF-8E0E-000000005403}4436C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005440Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:47:04.932{C36AC009-51A8-65EF-8D0E-000000005403}3844C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005439Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:47:04.188{C36AC009-51A8-65EF-8C0E-000000005403}4584C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005438Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:47:03.429{C36AC009-51A7-65EF-8B0E-000000005403}5004C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005437Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:47:02.679{C36AC009-51A6-65EF-8A0E-000000005403}2388C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005436Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:47:01.919{C36AC009-51A5-65EF-890E-000000005403}2200C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005435Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:46:04.855{C36AC009-516C-65EF-880E-000000005403}4952C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005434Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:46:04.089{C36AC009-516C-65EF-870E-000000005403}1400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005433Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:46:03.329{C36AC009-516B-65EF-860E-000000005403}2896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005432Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:46:02.646{C36AC009-516A-65EF-850E-000000005403}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005431Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:46:01.896{C36AC009-5169-65EF-840E-000000005403}3416C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005430Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:45:04.769{C36AC009-5130-65EF-830E-000000005403}4400C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005429Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:45:04.159{C36AC009-5130-65EF-820E-000000005403}4112C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005428Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:45:03.413{C36AC009-512F-65EF-810E-000000005403}4532C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005427Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:45:02.647{C36AC009-512E-65EF-800E-000000005403}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005426Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:45:01.886{C36AC009-512D-65EF-7F0E-000000005403}892C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005425Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:44:11.113{C36AC009-50FB-65EF-7E0E-000000005403}360C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005424Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:44:11.073{C36AC009-50FB-65EF-7D0E-000000005403}4628C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005423Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:44:11.037{C36AC009-50FB-65EF-7C0E-000000005403}1476C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005422Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:44:10.971{C36AC009-50FA-65EF-7A0E-000000005403}2348C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005421Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:44:04.757{C36AC009-50F4-65EF-790E-000000005403}856C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005420Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:44:04.011{C36AC009-50F4-65EF-780E-000000005403}5012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005419Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:44:03.261{C36AC009-50F3-65EF-770E-000000005403}4272C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005418Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:44:02.640{C36AC009-50F2-65EF-760E-000000005403}1236C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005417Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:44:01.890{C36AC009-50F1-65EF-750E-000000005403}3260C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005416Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:43:04.767{C36AC009-50B8-65EF-740E-000000005403}3600C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005415Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:43:04.004{C36AC009-50B8-65EF-730E-000000005403}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005414Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:43:03.242{C36AC009-50B7-65EF-720E-000000005403}2912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005413Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:43:02.648{C36AC009-50B6-65EF-710E-000000005403}4956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005412Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:43:01.885{C36AC009-50B5-65EF-700E-000000005403}4192C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005411Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:42:04.910{C36AC009-507C-65EF-6F0E-000000005403}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005410Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:42:04.147{C36AC009-507C-65EF-6E0E-000000005403}4660C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005409Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:42:03.384{C36AC009-507B-65EF-6D0E-000000005403}3576C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005408Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:42:02.634{C36AC009-507A-65EF-6C0E-000000005403}2328C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005407Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:42:01.871{C36AC009-5079-65EF-6B0E-000000005403}1944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005406Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:41:04.820{C36AC009-5040-65EF-6A0E-000000005403}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005405Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:41:04.132{C36AC009-5040-65EF-690E-000000005403}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005404Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:41:03.366{C36AC009-503F-65EF-680E-000000005403}92C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005403Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:41:02.604{C36AC009-503E-65EF-670E-000000005403}3524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005402Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:41:01.854{C36AC009-503D-65EF-660E-000000005403}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005401Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:40:04.877{C36AC009-5004-65EF-650E-000000005403}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005400Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:40:04.111{C36AC009-5004-65EF-640E-000000005403}4232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005399Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:40:03.350{C36AC009-5003-65EF-630E-000000005403}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005398Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:40:02.600{C36AC009-5002-65EF-620E-000000005403}3408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005397Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:40:01.850{C36AC009-5001-65EF-610E-000000005403}4400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005396Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:39:11.109{C36AC009-4FCF-65EF-600E-000000005403}1116C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005395Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:39:11.069{C36AC009-4FCF-65EF-5F0E-000000005403}592C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005394Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:39:11.033{C36AC009-4FCF-65EF-5E0E-000000005403}2956C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005393Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:39:10.968{C36AC009-4FCE-65EF-5C0E-000000005403}2044C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005392Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:39:04.821{C36AC009-4FC8-65EF-5B0E-000000005403}2200C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005391Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:39:04.118{C36AC009-4FC8-65EF-5A0E-000000005403}4476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005390Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:39:03.353{C36AC009-4FC7-65EF-590E-000000005403}1876C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005389Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:39:02.604{C36AC009-4FC6-65EF-580E-000000005403}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005388Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:39:01.854{C36AC009-4FC5-65EF-570E-000000005403}4260C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005387Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:38:04.736{C36AC009-4F8C-65EF-560E-000000005403}4848C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005386Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:38:04.095{C36AC009-4F8C-65EF-550E-000000005403}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005385Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:38:03.345{C36AC009-4F8B-65EF-540E-000000005403}3192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005384Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:38:02.596{C36AC009-4F8A-65EF-530E-000000005403}5056C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005383Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:38:01.846{C36AC009-4F89-65EF-520E-000000005403}4920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005382Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:37:04.862{C36AC009-4F50-65EF-510E-000000005403}1960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005381Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:37:04.096{C36AC009-4F50-65EF-500E-000000005403}1724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005380Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:37:03.346{C36AC009-4F4F-65EF-4F0E-000000005403}4892C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005379Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:37:02.595{C36AC009-4F4E-65EF-4E0E-000000005403}1064C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005378Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:37:01.829{C36AC009-4F4D-65EF-4D0E-000000005403}4796C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005377Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:36:04.849{C36AC009-4F14-65EF-4C0E-000000005403}2272C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005376Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:36:04.097{C36AC009-4F14-65EF-4B0E-000000005403}1488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005375Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:36:03.346{C36AC009-4F13-65EF-4A0E-000000005403}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005374Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:36:02.580{C36AC009-4F12-65EF-490E-000000005403}4864C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005373Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:36:01.829{C36AC009-4F11-65EF-480E-000000005403}356C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005372Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:35:04.796{C36AC009-4ED8-65EF-470E-000000005403}4284C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005371Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:35:04.093{C36AC009-4ED8-65EF-460E-000000005403}2888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005370Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:35:03.354{C36AC009-4ED7-65EF-450E-000000005403}4620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005369Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:35:02.589{C36AC009-4ED6-65EF-440E-000000005403}4568C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005368Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:35:01.823{C36AC009-4ED5-65EF-430E-000000005403}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005367Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:34:11.094{C36AC009-4EA3-65EF-420E-000000005403}4280C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005366Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:34:11.055{C36AC009-4EA3-65EF-410E-000000005403}912C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005365Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:34:11.018{C36AC009-4EA3-65EF-400E-000000005403}2044C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005364Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:34:10.952{C36AC009-4EA2-65EF-3E0E-000000005403}2300C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005363Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:34:04.726{C36AC009-4E9C-65EF-3D0E-000000005403}4972C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005362Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:34:04.096{C36AC009-4E9C-65EF-3C0E-000000005403}5080C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005361Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:34:03.330{C36AC009-4E9B-65EF-3B0E-000000005403}4964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005360Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:34:02.580{C36AC009-4E9A-65EF-3A0E-000000005403}2808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005359Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:34:01.814{C36AC009-4E99-65EF-390E-000000005403}2272C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005358Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:33:04.717{C36AC009-4E60-65EF-380E-000000005403}4244C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005357Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:33:03.964{C36AC009-4E5F-65EF-370E-000000005403}3804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005356Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:33:03.212{C36AC009-4E5F-65EF-360E-000000005403}4232C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005355Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:33:02.565{C36AC009-4E5E-65EF-350E-000000005403}3044C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005354Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:33:01.812{C36AC009-4E5D-65EF-340E-000000005403}4384C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005353Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:32:04.777{C36AC009-4E24-65EF-330E-000000005403}1116C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005352Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:32:04.024{C36AC009-4E24-65EF-320E-000000005403}944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005351Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:32:03.271{C36AC009-4E23-65EF-310E-000000005403}4812C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005350Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:32:02.549{C36AC009-4E22-65EF-300E-000000005403}1964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005349Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:32:01.796{C36AC009-4E21-65EF-2F0E-000000005403}3116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005348Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:31:04.678{C36AC009-4DE8-65EF-2E0E-000000005403}604C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005347Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:31:04.035{C36AC009-4DE8-65EF-2D0E-000000005403}4444C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005346Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:31:03.284{C36AC009-4DE7-65EF-2C0E-000000005403}4820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005345Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:31:02.530{C36AC009-4DE6-65EF-2B0E-000000005403}2308C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005344Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:31:01.776{C36AC009-4DE5-65EF-2A0E-000000005403}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005343Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:30:04.800{C36AC009-4DAC-65EF-280E-000000005403}4940C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005342Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:30:04.050{C36AC009-4DAC-65EF-270E-000000005403}924C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005341Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:30:03.291{C36AC009-4DAB-65EF-260E-000000005403}2196C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005340Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:30:02.526{C36AC009-4DAA-65EF-250E-000000005403}4456C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005339Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:30:01.767{C36AC009-4DA9-65EF-240E-000000005403}2172C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005338Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:29:11.093{C36AC009-4D77-65EF-230E-000000005403}2200C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005337Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:29:11.053{C36AC009-4D77-65EF-220E-000000005403}3484C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005336Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:29:11.018{C36AC009-4D77-65EF-210E-000000005403}4420C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005335Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:29:10.952{C36AC009-4D76-65EF-1F0E-000000005403}5072C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005334Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:29:04.607{C36AC009-4D70-65EF-1E0E-000000005403}856C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005333Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:29:03.846{C36AC009-4D6F-65EF-1D0E-000000005403}3628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005332Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:29:03.096{C36AC009-4D6F-65EF-1C0E-000000005403}1992C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005331Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:29:02.502{C36AC009-4D6E-65EF-1B0E-000000005403}1236C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005330Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:29:01.747{C36AC009-4D6D-65EF-1A0E-000000005403}3608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005328Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:28:04.684{C36AC009-4D34-65EF-190E-000000005403}4384C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005327Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:28:04.012{C36AC009-4D34-65EF-180E-000000005403}4688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005326Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:28:03.252{C36AC009-4D33-65EF-170E-000000005403}2076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005325Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:28:02.496{C36AC009-4D32-65EF-160E-000000005403}2520C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005324Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:28:01.730{C36AC009-4D31-65EF-150E-000000005403}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005323Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:27:04.741{C36AC009-4CF8-65EF-140E-000000005403}1184C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005322Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:27:03.969{C36AC009-4CF7-65EF-130E-000000005403}3816C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005321Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:27:03.213{C36AC009-4CF7-65EF-120E-000000005403}2444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005320Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:27:02.494{C36AC009-4CF6-65EF-110E-000000005403}5040C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005319Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:27:01.737{C36AC009-4CF5-65EF-100E-000000005403}1460C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005318Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:26:04.727{C36AC009-4CBC-65EF-0F0E-000000005403}4388C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005317Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:26:03.977{C36AC009-4CBB-65EF-0E0E-000000005403}1868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005316Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:26:03.227{C36AC009-4CBB-65EF-0D0E-000000005403}4296C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005315Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:26:02.474{C36AC009-4CBA-65EF-0C0E-000000005403}4956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005314Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:26:01.724{C36AC009-4CB9-65EF-0B0E-000000005403}1596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005313Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:25:04.629{C36AC009-4C80-65EF-0A0E-000000005403}4196C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005312Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:25:03.973{C36AC009-4C7F-65EF-090E-000000005403}4544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005311Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:25:03.215{C36AC009-4C7F-65EF-080E-000000005403}4704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005310Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:25:02.474{C36AC009-4C7E-65EF-070E-000000005403}4408C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005309Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:25:01.724{C36AC009-4C7D-65EF-060E-000000005403}4764C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005307Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:24:11.082{C36AC009-4C4B-65EF-050E-000000005403}4964C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005306Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:24:11.043{C36AC009-4C4B-65EF-040E-000000005403}4304C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005305Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:24:11.007{C36AC009-4C4B-65EF-030E-000000005403}3040C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005304Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:24:10.942{C36AC009-4C4A-65EF-010E-000000005403}4460C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005303Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:24:04.605{C36AC009-4C44-65EF-000E-000000005403}3812C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005302Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:24:03.847{C36AC009-4C43-65EF-FF0D-000000005403}3260C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005301Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:24:03.082{C36AC009-4C43-65EF-FE0D-000000005403}3784C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005300Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:24:02.480{C36AC009-4C42-65EF-FD0D-000000005403}3580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005299Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:24:01.722{C36AC009-4C41-65EF-FC0D-000000005403}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005298Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:23:04.643{C36AC009-4C08-65EF-FB0D-000000005403}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005297Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:23:03.893{C36AC009-4C07-65EF-FA0D-000000005403}1360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005296Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:23:03.143{C36AC009-4C07-65EF-F90D-000000005403}2668C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005295Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:23:02.473{C36AC009-4C06-65EF-F80D-000000005403}1088C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005294Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:23:01.723{C36AC009-4C05-65EF-F70D-000000005403}2448C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005293Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:22:04.757{C36AC009-4BCC-65EF-F60D-000000005403}4972C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005292Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:22:03.989{C36AC009-4BCB-65EF-F50D-000000005403}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005291Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:22:03.230{C36AC009-4BCB-65EF-F40D-000000005403}3404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005290Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:22:02.470{C36AC009-4BCA-65EF-F30D-000000005403}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005289Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:22:01.720{C36AC009-4BC9-65EF-F20D-000000005403}708C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005288Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:21:04.751{C36AC009-4B90-65EF-F10D-000000005403}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005287Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:21:03.989{C36AC009-4B8F-65EF-F00D-000000005403}768C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005286Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:21:03.233{C36AC009-4B8F-65EF-EF0D-000000005403}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005285Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:21:02.468{C36AC009-4B8E-65EF-EE0D-000000005403}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005284Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:21:01.702{C36AC009-4B8D-65EF-ED0D-000000005403}1596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005283Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:20:04.593{C36AC009-4B54-65EF-EC0D-000000005403}600C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005282Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:20:03.973{C36AC009-4B53-65EF-EB0D-000000005403}2504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005281Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:20:03.216{C36AC009-4B53-65EF-EA0D-000000005403}4792C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005280Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:20:02.466{C36AC009-4B52-65EF-E90D-000000005403}4836C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005279Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:20:01.706{C36AC009-4B51-65EF-E80D-000000005403}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005278Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:19:11.079{C36AC009-4B1F-65EF-E70D-000000005403}948C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005277Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:19:11.039{C36AC009-4B1F-65EF-E60D-000000005403}5036C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005276Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:19:11.004{C36AC009-4B1F-65EF-E50D-000000005403}4492C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005275Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:19:10.938{C36AC009-4B1E-65EF-E30D-000000005403}4752C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005274Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:19:04.612{C36AC009-4B18-65EF-E20D-000000005403}4208C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005273Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:19:03.846{C36AC009-4B17-65EF-E10D-000000005403}4768C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005272Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:19:03.081{C36AC009-4B17-65EF-E00D-000000005403}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005271Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:19:02.444{C36AC009-4B16-65EF-DF0D-000000005403}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005270Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:19:01.678{C36AC009-4B15-65EF-DE0D-000000005403}3972C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005269Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:18:04.735{C36AC009-4ADC-65EF-DD0D-000000005403}1732C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005268Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:18:03.961{C36AC009-4ADB-65EF-DC0D-000000005403}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005267Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:18:03.195{C36AC009-4ADB-65EF-DB0D-000000005403}4344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005266Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:18:02.439{C36AC009-4ADA-65EF-DA0D-000000005403}4652C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005265Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:18:01.677{C36AC009-4AD9-65EF-D90D-000000005403}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005264Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:17:04.695{C36AC009-4AA0-65EF-D80D-000000005403}3584C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005263Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:17:03.929{C36AC009-4A9F-65EF-D70D-000000005403}3116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005262Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:17:03.167{C36AC009-4A9F-65EF-D60D-000000005403}2884C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005261Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:17:02.414{C36AC009-4A9E-65EF-D50D-000000005403}2012C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005260Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:17:01.664{C36AC009-4A9D-65EF-D40D-000000005403}3040C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005259Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:16:04.629{C36AC009-4A64-65EF-D30D-000000005403}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005258Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:16:03.879{C36AC009-4A63-65EF-D20D-000000005403}764C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005257Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:16:03.120{C36AC009-4A63-65EF-D10D-000000005403}1016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005256Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:16:02.416{C36AC009-4A62-65EF-D00D-000000005403}4956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005255Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:16:01.657{C36AC009-4A61-65EF-CF0D-000000005403}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005254Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:15:04.698{C36AC009-4A28-65EF-CE0D-000000005403}4544C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005253Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:15:03.933{C36AC009-4A27-65EF-CD0D-000000005403}3544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005252Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:15:03.169{C36AC009-4A27-65EF-CC0D-000000005403}5076C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005251Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:15:02.406{C36AC009-4A26-65EF-CB0D-000000005403}2900C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005250Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:15:01.653{C36AC009-4A25-65EF-CA0D-000000005403}944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005249Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:14:11.076{C36AC009-49F3-65EF-C90D-000000005403}3040C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005248Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:14:11.036{C36AC009-49F3-65EF-C80D-000000005403}4492C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005247Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:14:11.000{C36AC009-49F3-65EF-C70D-000000005403}2812C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005246Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:14:10.935{C36AC009-49F2-65EF-C50D-000000005403}4632C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005245Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:14:04.701{C36AC009-49EC-65EF-C40D-000000005403}3696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005244Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:14:03.936{C36AC009-49EB-65EF-C30D-000000005403}4676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005243Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:14:03.173{C36AC009-49EB-65EF-C20D-000000005403}4416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005242Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:14:02.423{C36AC009-49EA-65EF-C10D-000000005403}1776C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005241Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:14:01.655{C36AC009-49E9-65EF-C00D-000000005403}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005240Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:13:04.586{C36AC009-49B0-65EF-BF0D-000000005403}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005239Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:13:03.837{C36AC009-49AF-65EF-BE0D-000000005403}2936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005238Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:13:03.165{C36AC009-49AF-65EF-BD0D-000000005403}4344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005237Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:13:02.415{C36AC009-49AE-65EF-BC0D-000000005403}4732C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005236Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:13:01.650{C36AC009-49AD-65EF-BB0D-000000005403}4340C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005235Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:12:04.202{C36AC009-4974-65EF-BA0D-000000005403}4856C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005234Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:12:03.577{C36AC009-4973-65EF-B90D-000000005403}1460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005233Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:12:02.952{C36AC009-4972-65EF-B80D-000000005403}3804C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005232Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:12:02.327{C36AC009-4972-65EF-B70D-000000005403}3476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005231Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:12:01.640{C36AC009-4971-65EF-B60D-000000005403}856C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005230Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:11:04.387{C36AC009-4938-65EF-B50D-000000005403}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005229Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:11:03.653{C36AC009-4937-65EF-B40D-000000005403}5088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005228Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:11:02.887{C36AC009-4936-65EF-B30D-000000005403}2308C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005227Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:11:02.270{C36AC009-4936-65EF-B20D-000000005403}4756C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005226Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:11:01.629{C36AC009-4935-65EF-B10D-000000005403}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005225Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:10:04.626{C36AC009-48FC-65EF-B00D-000000005403}2104C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005224Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:10:03.876{C36AC009-48FB-65EF-AF0D-000000005403}4984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005223Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:10:03.110{C36AC009-48FB-65EF-AE0D-000000005403}1400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005222Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:10:02.373{C36AC009-48FA-65EF-AD0D-000000005403}3596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005221Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:10:01.623{C36AC009-48F9-65EF-AC0D-000000005403}2900C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005220Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:09:11.059{C36AC009-48C7-65EF-AB0D-000000005403}4304C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005219Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:09:11.018{C36AC009-48C7-65EF-AA0D-000000005403}856C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005218Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:09:10.982{C36AC009-48C6-65EF-A90D-000000005403}4400C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005217Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:09:10.917{C36AC009-48C6-65EF-A70D-000000005403}3956C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005216Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:09:04.623{C36AC009-48C0-65EF-A60D-000000005403}3416C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005215Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:09:03.871{C36AC009-48BF-65EF-A50D-000000005403}3132C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005214Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:09:03.121{C36AC009-48BF-65EF-A40D-000000005403}2272C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005213Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:09:02.370{C36AC009-48BE-65EF-A30D-000000005403}3696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005212Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:09:01.619{C36AC009-48BD-65EF-A20D-000000005403}3812C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005211Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:08:04.617{C36AC009-4884-65EF-A10D-000000005403}3820C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005210Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:08:03.865{C36AC009-4883-65EF-A00D-000000005403}4688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005209Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:08:03.115{C36AC009-4883-65EF-9F0D-000000005403}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005208Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:08:02.363{C36AC009-4882-65EF-9E0D-000000005403}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005207Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:08:01.611{C36AC009-4881-65EF-9D0D-000000005403}2216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005206Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:07:04.514{C36AC009-4848-65EF-9C0D-000000005403}4972C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005205Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:07:03.873{C36AC009-4847-65EF-9B0D-000000005403}3228C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005204Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:07:03.120{C36AC009-4847-65EF-9A0D-000000005403}1604C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005203Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:07:02.367{C36AC009-4846-65EF-990D-000000005403}4360C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005202Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:07:01.599{C36AC009-4845-65EF-980D-000000005403}4300C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005201Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:06:04.558{C36AC009-480C-65EF-970D-000000005403}4728C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005200Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:06:03.867{C36AC009-480B-65EF-960D-000000005403}4200C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005199Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:06:03.114{C36AC009-480B-65EF-950D-000000005403}3580C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005198Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:06:02.348{C36AC009-480A-65EF-940D-000000005403}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005197Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:06:01.595{C36AC009-4809-65EF-930D-000000005403}4716C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005196Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:05:04.547{C36AC009-47D0-65EF-920D-000000005403}436C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005195Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:05:03.789{C36AC009-47CF-65EF-910D-000000005403}2240C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005194Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:05:03.023{C36AC009-47CF-65EF-900D-000000005403}4432C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005193Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:05:02.347{C36AC009-47CE-65EF-8F0D-000000005403}364C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005192Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:05:01.593{C36AC009-47CD-65EF-8E0D-000000005403}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005191Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:04:11.055{C36AC009-479B-65EF-8D0D-000000005403}3804C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005190Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:04:11.014{C36AC009-479B-65EF-8C0D-000000005403}3488C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005189Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:04:10.978{C36AC009-479A-65EF-8B0D-000000005403}3476C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005188Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:04:10.912{C36AC009-479A-65EF-890D-000000005403}4300C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005187Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:04:04.592{C36AC009-4794-65EF-880D-000000005403}2152C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005186Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:04:03.837{C36AC009-4793-65EF-870D-000000005403}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005185Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:04:03.082{C36AC009-4793-65EF-860D-000000005403}2172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005184Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:04:02.332{C36AC009-4792-65EF-850D-000000005403}2888C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005183Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:04:01.578{C36AC009-4791-65EF-840D-000000005403}3192C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005182Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:03:04.629{C36AC009-4758-65EF-830D-000000005403}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005181Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:03:03.867{C36AC009-4757-65EF-820D-000000005403}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005180Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:03:03.102{C36AC009-4757-65EF-810D-000000005403}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005179Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:03:02.346{C36AC009-4756-65EF-800D-000000005403}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005178Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:03:01.575{C36AC009-4755-65EF-7F0D-000000005403}4568C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005177Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:02:04.615{C36AC009-471C-65EF-7E0D-000000005403}2992C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005176Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:02:03.850{C36AC009-471B-65EF-7D0D-000000005403}1580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005175Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:02:03.093{C36AC009-471B-65EF-7C0D-000000005403}2724C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005174Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:02:02.337{C36AC009-471A-65EF-7B0D-000000005403}4788C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005173Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:02:01.572{C36AC009-4719-65EF-7A0D-000000005403}4824C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005172Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:01:04.427{C36AC009-46E0-65EF-790D-000000005403}3748C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005171Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:01:03.670{C36AC009-46DF-65EF-780D-000000005403}3628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005170Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:01:02.914{C36AC009-46DE-65EF-770D-000000005403}4916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005169Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:01:02.320{C36AC009-46DE-65EF-760D-000000005403}3988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005168Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:01:01.564{C36AC009-46DD-65EF-750D-000000005403}5116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005167Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:00:04.586{C36AC009-46A4-65EF-740D-000000005403}4780C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005166Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:00:03.821{C36AC009-46A3-65EF-730D-000000005403}1952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005165Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:00:03.056{C36AC009-46A3-65EF-720D-000000005403}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005164Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:00:02.307{C36AC009-46A2-65EF-710D-000000005403}1360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005163Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 18:00:01.557{C36AC009-46A1-65EF-6F0D-000000005403}4992C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005162Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:59:11.043{C36AC009-466F-65EF-6E0D-000000005403}1580C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005161Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:59:11.002{C36AC009-466F-65EF-6D0D-000000005403}2996C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005160Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:59:10.965{C36AC009-466E-65EF-6C0D-000000005403}1000C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005159Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:59:10.900{C36AC009-466E-65EF-6A0D-000000005403}4240C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005158Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:59:04.468{C36AC009-4668-65EF-690D-000000005403}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005157Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:59:03.858{C36AC009-4667-65EF-680D-000000005403}664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005156Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:59:03.093{C36AC009-4667-65EF-670D-000000005403}3804C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005155Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:59:02.328{C36AC009-4666-65EF-660D-000000005403}2012C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005154Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:59:01.554{C36AC009-4665-65EF-650D-000000005403}3516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005153Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:58:04.517{C36AC009-462C-65EF-640D-000000005403}4720C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005152Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:58:03.743{C36AC009-462B-65EF-630D-000000005403}876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005151Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:58:02.977{C36AC009-462A-65EF-620D-000000005403}3044C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005150Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:58:02.305{C36AC009-462A-65EF-610D-000000005403}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005149Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:58:01.539{C36AC009-4629-65EF-600D-000000005403}4424C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005148Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:57:04.536{C36AC009-45F0-65EF-5F0D-000000005403}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005147Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:57:03.770{C36AC009-45EF-65EF-5E0D-000000005403}4108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005146Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:57:03.011{C36AC009-45EF-65EF-5D0D-000000005403}2100C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005145Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:57:02.283{C36AC009-45EE-65EF-5C0D-000000005403}4364C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005144Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:57:01.533{C36AC009-45ED-65EF-5B0D-000000005403}1596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005143Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:56:04.474{C36AC009-45B4-65EF-5A0D-000000005403}4752C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005142Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:56:03.817{C36AC009-45B3-65EF-590D-000000005403}4916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005141Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:56:03.058{C36AC009-45B3-65EF-580D-000000005403}5064C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005140Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:56:02.298{C36AC009-45B2-65EF-570D-000000005403}4464C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005139Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:56:01.532{C36AC009-45B1-65EF-560D-000000005403}4448C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005138Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:55:04.540{C36AC009-4578-65EF-550D-000000005403}4456C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005137Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:55:03.790{C36AC009-4577-65EF-540D-000000005403}4624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005136Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:55:03.040{C36AC009-4577-65EF-530D-000000005403}2352C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005135Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:55:02.285{C36AC009-4576-65EF-520D-000000005403}4124C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005134Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:55:01.519{C36AC009-4575-65EF-510D-000000005403}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005133Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:54:11.045{C36AC009-4543-65EF-500D-000000005403}2828C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005132Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:54:11.005{C36AC009-4543-65EF-4F0D-000000005403}3488C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005131Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:54:10.967{C36AC009-4542-65EF-4E0D-000000005403}3476C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005130Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:54:10.901{C36AC009-4542-65EF-4C0D-000000005403}4912C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005129Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:54:04.440{C36AC009-453C-65EF-4B0D-000000005403}3368C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005128Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:54:03.684{C36AC009-453B-65EF-4A0D-000000005403}1876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005127Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:54:02.930{C36AC009-453A-65EF-490D-000000005403}2908C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005126Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:54:02.263{C36AC009-453A-65EF-480D-000000005403}2172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005125Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:54:01.513{C36AC009-4539-65EF-470D-000000005403}2264C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005124Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:53:04.554{C36AC009-4500-65EF-460D-000000005403}2216C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005123Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:53:03.798{C36AC009-44FF-65EF-450D-000000005403}2668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005122Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:53:03.036{C36AC009-44FF-65EF-440D-000000005403}4188C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005121Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:53:02.274{C36AC009-44FE-65EF-430D-000000005403}4148C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005120Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:53:01.509{C36AC009-44FD-65EF-420D-000000005403}2464C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005119Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:52:04.487{C36AC009-44C4-65EF-410D-000000005403}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005118Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:52:03.721{C36AC009-44C3-65EF-400D-000000005403}4428C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005117Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:52:02.960{C36AC009-44C2-65EF-3F0D-000000005403}4360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005116Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:52:02.260{C36AC009-44C2-65EF-3E0D-000000005403}4848C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005115Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:52:01.498{C36AC009-44C1-65EF-3D0D-000000005403}4920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005114Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:51:04.485{C36AC009-4488-65EF-3C0D-000000005403}356C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005113Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:51:03.788{C36AC009-4487-65EF-3B0D-000000005403}4808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005112Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:51:03.023{C36AC009-4487-65EF-3A0D-000000005403}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005111Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:51:02.257{C36AC009-4486-65EF-390D-000000005403}1040C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005110Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:51:01.498{C36AC009-4485-65EF-380D-000000005403}876C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005109Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:50:04.515{C36AC009-444C-65EF-370D-000000005403}3684C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005108Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:50:03.755{C36AC009-444B-65EF-360D-000000005403}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005107Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:50:03.005{C36AC009-444B-65EF-350D-000000005403}2388C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005106Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:50:02.255{C36AC009-444A-65EF-340D-000000005403}1956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005105Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:50:01.497{C36AC009-4449-65EF-330D-000000005403}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005104Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:49:11.033{C36AC009-4417-65EF-320D-000000005403}3588C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005103Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:49:10.991{C36AC009-4416-65EF-310D-000000005403}3040C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005102Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:49:10.956{C36AC009-4416-65EF-300D-000000005403}348C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005101Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:49:10.891{C36AC009-4416-65EF-2E0D-000000005403}3648C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005100Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:49:04.499{C36AC009-4410-65EF-2D0D-000000005403}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005099Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:49:03.753{C36AC009-440F-65EF-2C0D-000000005403}4460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005098Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:49:03.003{C36AC009-440F-65EF-2B0D-000000005403}1976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005097Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:49:02.253{C36AC009-440E-65EF-2A0D-000000005403}1600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005096Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:49:01.491{C36AC009-440D-65EF-290D-000000005403}3696C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005095Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:48:04.519{C36AC009-43D4-65EF-280D-000000005403}4556C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005094Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:48:03.755{C36AC009-43D3-65EF-270D-000000005403}4456C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005093Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:48:03.005{C36AC009-43D3-65EF-260D-000000005403}4984C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005092Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:48:02.240{C36AC009-43D2-65EF-250D-000000005403}5076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005091Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:48:01.476{C36AC009-43D1-65EF-240D-000000005403}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005090Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:47:04.457{C36AC009-4398-65EF-230D-000000005403}2076C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005089Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:47:03.707{C36AC009-4397-65EF-220D-000000005403}3392C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005088Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:47:02.957{C36AC009-4396-65EF-210D-000000005403}4140C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005087Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:47:02.208{C36AC009-4396-65EF-200D-000000005403}856C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005086Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:47:01.458{C36AC009-4395-65EF-1F0D-000000005403}3368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005085Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:46:04.455{C36AC009-435C-65EF-1E0D-000000005403}4868C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005084Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:46:03.705{C36AC009-435B-65EF-1D0D-000000005403}3048C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005083Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:46:02.940{C36AC009-435A-65EF-1C0D-000000005403}924C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005082Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:46:02.205{C36AC009-435A-65EF-1B0D-000000005403}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005081Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:46:01.439{C36AC009-4359-65EF-1A0D-000000005403}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005080Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:45:04.453{C36AC009-4320-65EF-190D-000000005403}1956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005079Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:45:03.703{C36AC009-431F-65EF-180D-000000005403}2100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005078Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:45:02.953{C36AC009-431E-65EF-170D-000000005403}4824C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005077Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:45:02.203{C36AC009-431E-65EF-160D-000000005403}3060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005076Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:45:01.437{C36AC009-431D-65EF-150D-000000005403}5080C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005075Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:44:11.020{C36AC009-42EB-65EF-140D-000000005403}4736C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005074Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:44:10.979{C36AC009-42EA-65EF-130D-000000005403}5040C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005073Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:44:10.943{C36AC009-42EA-65EF-120D-000000005403}976C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005072Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:44:10.878{C36AC009-42EA-65EF-100D-000000005403}2172C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005071Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:44:04.334{C36AC009-42E4-65EF-0F0D-000000005403}4328C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005070Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:44:03.583{C36AC009-42E3-65EF-0E0D-000000005403}3988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005069Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:44:02.834{C36AC009-42E2-65EF-0D0D-000000005403}4768C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005068Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:44:02.177{C36AC009-42E2-65EF-0C0D-000000005403}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005067Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:44:01.425{C36AC009-42E1-65EF-0B0D-000000005403}2820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005066Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:43:04.284{C36AC009-42A8-65EF-0A0D-000000005403}4844C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005065Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:43:03.532{C36AC009-42A7-65EF-090D-000000005403}4124C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005064Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:43:02.767{C36AC009-42A6-65EF-080D-000000005403}4796C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005063Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:43:02.171{C36AC009-42A6-65EF-070D-000000005403}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005062Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:43:01.420{C36AC009-42A5-65EF-060D-000000005403}3684C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005061Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:42:04.340{C36AC009-426C-65EF-050D-000000005403}4140C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005060Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:42:03.668{C36AC009-426B-65EF-040D-000000005403}4628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005059Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:42:02.915{C36AC009-426A-65EF-030D-000000005403}3596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005058Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:42:02.163{C36AC009-426A-65EF-020D-000000005403}4492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005057Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:42:01.413{C36AC009-4269-65EF-010D-000000005403}4396C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005056Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:41:04.324{C36AC009-4230-65EF-000D-000000005403}1236C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005055Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:41:03.558{C36AC009-422F-65EF-FF0C-000000005403}924C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005054Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:41:02.802{C36AC009-422E-65EF-FE0C-000000005403}2936C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005053Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:41:02.161{C36AC009-422E-65EF-FD0C-000000005403}2732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005052Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:41:01.411{C36AC009-422D-65EF-FC0C-000000005403}3740C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005051Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:40:04.405{C36AC009-41F4-65EF-FB0C-000000005403}2100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005050Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:40:03.655{C36AC009-41F3-65EF-FA0C-000000005403}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005049Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:40:02.915{C36AC009-41F2-65EF-F90C-000000005403}5068C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005048Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:40:02.164{C36AC009-41F2-65EF-F80C-000000005403}504C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005047Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:40:01.414{C36AC009-41F1-65EF-F70C-000000005403}3628C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005046Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:39:11.008{C36AC009-41BF-65EF-F60C-000000005403}4480C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005045Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:39:10.966{C36AC009-41BE-65EF-F50C-000000005403}2724C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005044Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:39:10.931{C36AC009-41BE-65EF-F40C-000000005403}520C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005043Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:39:10.866{C36AC009-41BE-65EF-F20C-000000005403}3040C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005042Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:39:04.458{C36AC009-41B8-65EF-F10C-000000005403}1976C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005041Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:39:03.688{C36AC009-41B7-65EF-F00C-000000005403}4928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005040Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:39:02.933{C36AC009-41B6-65EF-EF0C-000000005403}5064C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005039Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:39:02.168{C36AC009-41B6-65EF-EE0C-000000005403}4448C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005038Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:39:01.413{C36AC009-41B5-65EF-ED0C-000000005403}4416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005037Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:38:04.386{C36AC009-417C-65EF-EC0C-000000005403}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005036Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:38:03.631{C36AC009-417B-65EF-EB0C-000000005403}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005035Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:38:02.881{C36AC009-417A-65EF-EA0C-000000005403}304C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005034Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:38:02.157{C36AC009-417A-65EF-E90C-000000005403}1580C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005033Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:38:01.402{C36AC009-4179-65EF-E80C-000000005403}360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005032Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:37:04.356{C36AC009-4140-65EF-E70C-000000005403}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005031Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:37:03.653{C36AC009-413F-65EF-E60C-000000005403}2812C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005030Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:37:02.913{C36AC009-413E-65EF-E50C-000000005403}2240C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005029Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:37:02.158{C36AC009-413E-65EF-E40C-000000005403}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005028Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:37:01.393{C36AC009-413D-65EF-E30C-000000005403}1020C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005027Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:36:04.258{C36AC009-4104-65EF-E20C-000000005403}4756C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005026Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:36:03.502{C36AC009-4103-65EF-E10C-000000005403}2308C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005025Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:36:02.752{C36AC009-4102-65EF-E00C-000000005403}2944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005024Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:36:02.142{C36AC009-4102-65EF-DF0C-000000005403}5116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005023Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:36:01.381{C36AC009-4101-65EF-DE0C-000000005403}2084C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005022Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:35:04.418{C36AC009-40C8-65EF-DD0C-000000005403}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005021Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:35:03.656{C36AC009-40C7-65EF-DC0C-000000005403}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005020Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:35:02.890{C36AC009-40C6-65EF-DB0C-000000005403}3700C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005019Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:35:02.124{C36AC009-40C6-65EF-DA0C-000000005403}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005018Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:35:01.371{C36AC009-40C5-65EF-D90C-000000005403}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005017Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:34:11.006{C36AC009-4093-65EF-D80C-000000005403}3460C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005016Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:34:10.966{C36AC009-4092-65EF-D70C-000000005403}1020C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005015Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:34:10.930{C36AC009-4092-65EF-D60C-000000005403}1984C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005014Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:34:10.865{C36AC009-4092-65EF-D40C-000000005403}1560C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005013Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:34:04.352{C36AC009-408C-65EF-D30C-000000005403}1996C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005012Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:34:03.608{C36AC009-408B-65EF-D20C-000000005403}4768C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005011Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:34:02.858{C36AC009-408A-65EF-D10C-000000005403}4164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005010Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:34:02.108{C36AC009-408A-65EF-D00C-000000005403}3680C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005009Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:34:01.360{C36AC009-4089-65EF-CF0C-000000005403}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005008Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:33:04.253{C36AC009-4050-65EF-CE0C-000000005403}4720C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005007Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:33:03.495{C36AC009-404F-65EF-CD0C-000000005403}768C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005006Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:33:02.754{C36AC009-404E-65EF-CC0C-000000005403}2188C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005005Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:33:02.112{C36AC009-404E-65EF-CB0C-000000005403}4060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005004Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:33:01.362{C36AC009-404D-65EF-CA0C-000000005403}1272C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005003Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:32:04.330{C36AC009-4014-65EF-C90C-000000005403}3784C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005002Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:32:03.626{C36AC009-4013-65EF-C80C-000000005403}4628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005001Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:32:02.876{C36AC009-4012-65EF-C70C-000000005403}1404C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005000Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:32:02.118{C36AC009-4012-65EF-C60C-000000005403}4396C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004999Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:32:01.359{C36AC009-4011-65EF-C50C-000000005403}3768C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004998Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:31:04.384{C36AC009-3FD8-65EF-C40C-000000005403}2176C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004997Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:31:03.616{C36AC009-3FD7-65EF-C30C-000000005403}3036C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004996Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:31:02.872{C36AC009-3FD6-65EF-C20C-000000005403}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004995Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:31:02.122{C36AC009-3FD6-65EF-C10C-000000005403}4392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004994Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:31:01.363{C36AC009-3FD5-65EF-C00C-000000005403}4756C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004992Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:30:04.415{C36AC009-3F9C-65EF-BF0C-000000005403}1944C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004991Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:30:03.656{C36AC009-3F9B-65EF-BE0C-000000005403}4548C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004990Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:30:02.886{C36AC009-3F9A-65EF-BD0C-000000005403}216C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004989Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:30:02.120{C36AC009-3F9A-65EF-BC0C-000000005403}4332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004988Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:30:01.360{C36AC009-3F99-65EF-BB0C-000000005403}1540C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004987Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:29:10.995{C36AC009-3F66-65EF-BA0C-000000005403}3404C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004986Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:29:10.954{C36AC009-3F66-65EF-B90C-000000005403}4820C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004985Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:29:10.917{C36AC009-3F66-65EF-B80C-000000005403}2812C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004984Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:29:10.851{C36AC009-3F66-65EF-B60C-000000005403}340C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004983Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:29:04.293{C36AC009-3F60-65EF-B50C-000000005403}1984C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004982Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:29:03.528{C36AC009-3F5F-65EF-B40C-000000005403}4480C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004981Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:29:02.768{C36AC009-3F5E-65EF-B30C-000000005403}4348C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004980Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:29:02.107{C36AC009-3F5E-65EF-B20C-000000005403}4272C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004979Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:29:01.342{C36AC009-3F5D-65EF-B10C-000000005403}4208C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004978Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:28:04.239{C36AC009-3F24-65EF-B00C-000000005403}4652C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004977Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:28:03.478{C36AC009-3F23-65EF-AF0C-000000005403}4456C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004976Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:28:02.713{C36AC009-3F22-65EF-AE0C-000000005403}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004975Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:28:02.078{C36AC009-3F22-65EF-AD0C-000000005403}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004974Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:28:01.318{C36AC009-3F21-65EF-AC0C-000000005403}1596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004973Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:27:04.175{C36AC009-3EE8-65EF-AB0C-000000005403}3352C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004972Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:27:03.425{C36AC009-3EE7-65EF-AA0C-000000005403}5072C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004971Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:27:02.664{C36AC009-3EE6-65EF-A90C-000000005403}4584C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004970Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:27:02.079{C36AC009-3EE6-65EF-A80C-000000005403}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004969Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:27:01.313{C36AC009-3EE5-65EF-A70C-000000005403}2080C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004968Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:26:04.364{C36AC009-3EAC-65EF-A60C-000000005403}3032C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004967Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:26:03.598{C36AC009-3EAB-65EF-A50C-000000005403}2736C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004966Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:26:02.822{C36AC009-3EAA-65EF-A40C-000000005403}4900C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004965Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:26:02.074{C36AC009-3EAA-65EF-A30C-000000005403}604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004964Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:26:01.312{C36AC009-3EA9-65EF-A20C-000000005403}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004963Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:25:04.342{C36AC009-3E70-65EF-A10C-000000005403}4800C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004962Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:25:03.579{C36AC009-3E6F-65EF-A00C-000000005403}3824C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004961Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:25:02.817{C36AC009-3E6E-65EF-9F0C-000000005403}2996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004960Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:25:02.067{C36AC009-3E6E-65EF-9E0C-000000005403}3264C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004959Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:25:01.307{C36AC009-3E6D-65EF-9D0C-000000005403}4640C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004958Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:24:10.983{C36AC009-3E3A-65EF-9C0C-000000005403}3360C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004957Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:24:10.943{C36AC009-3E3A-65EF-9B0C-000000005403}4732C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004956Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:24:10.906{C36AC009-3E3A-65EF-9A0C-000000005403}1228C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004955Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:24:10.841{C36AC009-3E3A-65EF-980C-000000005403}2988C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004954Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:24:04.334{C36AC009-3E34-65EF-970C-000000005403}2724C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004953Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:24:03.571{C36AC009-3E33-65EF-960C-000000005403}3292C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004952Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:24:02.821{C36AC009-3E32-65EF-950C-000000005403}4984C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004951Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:24:02.057{C36AC009-3E32-65EF-940C-000000005403}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004950Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:24:01.294{C36AC009-3E31-65EF-930C-000000005403}2888C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004949Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:23:04.337{C36AC009-3DF8-65EF-920C-000000005403}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004948Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:23:03.587{C36AC009-3DF7-65EF-910C-000000005403}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004947Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:23:02.823{C36AC009-3DF6-65EF-900C-000000005403}4484C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004946Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:23:02.059{C36AC009-3DF6-65EF-8F0C-000000005403}3524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004945Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:23:01.294{C36AC009-3DF5-65EF-8E0C-000000005403}5116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004944Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:22:04.277{C36AC009-3DBC-65EF-8D0C-000000005403}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004943Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:22:03.527{C36AC009-3DBB-65EF-8C0C-000000005403}4576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004942Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:22:02.777{C36AC009-3DBA-65EF-8B0C-000000005403}2168C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004941Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:22:02.021{C36AC009-3DBA-65EF-8A0C-000000005403}4672C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004940Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:22:01.271{C36AC009-3DB9-65EF-890C-000000005403}4232C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004939Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:21:04.217{C36AC009-3D80-65EF-880C-000000005403}3452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004938Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:21:03.452{C36AC009-3D7F-65EF-870C-000000005403}2336C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004937Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:21:02.687{C36AC009-3D7E-65EF-860C-000000005403}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004936Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:21:02.031{C36AC009-3D7E-65EF-850C-000000005403}3408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004935Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:21:01.266{C36AC009-3D7D-65EF-840C-000000005403}3424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004934Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:20:04.288{C36AC009-3D44-65EF-830C-000000005403}4772C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004933Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:20:03.522{C36AC009-3D43-65EF-820C-000000005403}4244C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004932Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:20:02.773{C36AC009-3D42-65EF-810C-000000005403}1956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004931Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:20:02.023{C36AC009-3D42-65EF-800C-000000005403}4432C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004930Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:20:01.257{C36AC009-3D41-65EF-7F0C-000000005403}1056C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004929Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:19:10.975{C36AC009-3D0E-65EF-7E0C-000000005403}4372C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004928Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:19:10.935{C36AC009-3D0E-65EF-7D0C-000000005403}2908C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004927Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:19:10.900{C36AC009-3D0E-65EF-7C0C-000000005403}4368C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004926Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:19:10.835{C36AC009-3D0E-65EF-7A0C-000000005403}1228C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004925Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:19:04.283{C36AC009-3D08-65EF-790C-000000005403}3768C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004924Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:19:03.523{C36AC009-3D07-65EF-780C-000000005403}600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004923Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:19:02.773{C36AC009-3D06-65EF-770C-000000005403}4428C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004922Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:19:02.008{C36AC009-3D06-65EF-760C-000000005403}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004921Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:19:01.251{C36AC009-3D05-65EF-750C-000000005403}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004920Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:18:04.209{C36AC009-3CCC-65EF-740C-000000005403}300C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004919Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:18:03.441{C36AC009-3CCB-65EF-730C-000000005403}2632C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004918Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:18:02.692{C36AC009-3CCA-65EF-720C-000000005403}4652C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004917Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:18:02.019{C36AC009-3CCA-65EF-710C-000000005403}1596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004916Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:18:01.268{C36AC009-3CC9-65EF-700C-000000005403}4772C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004915Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:17:04.239{C36AC009-3C90-65EF-6F0C-000000005403}2044C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004914Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:17:03.483{C36AC009-3C8F-65EF-6E0C-000000005403}5040C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004913Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:17:02.731{C36AC009-3C8E-65EF-6D0C-000000005403}1172C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004912Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:17:02.012{C36AC009-3C8E-65EF-6C0C-000000005403}3812C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004911Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:17:01.260{C36AC009-3C8D-65EF-6B0C-000000005403}2500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004910Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:16:04.289{C36AC009-3C54-65EF-6A0C-000000005403}4328C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004909Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:16:03.523{C36AC009-3C53-65EF-690C-000000005403}3988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004908Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:16:02.769{C36AC009-3C52-65EF-680C-000000005403}3032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004907Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:16:02.019{C36AC009-3C52-65EF-670C-000000005403}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004906Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:16:01.267{C36AC009-3C51-65EF-660C-000000005403}4740C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004905Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:15:04.173{C36AC009-3C18-65EF-650C-000000005403}3556C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004904Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:15:03.560{C36AC009-3C17-65EF-640C-000000005403}2904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004903Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:15:02.792{C36AC009-3C16-65EF-630C-000000005403}3772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004902Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:15:02.027{C36AC009-3C16-65EF-620C-000000005403}4360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004901Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:15:01.258{C36AC009-3C15-65EF-610C-000000005403}5056C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004900Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:14:10.977{C36AC009-3BE2-65EF-600C-000000005403}4556C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004899Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:14:10.937{C36AC009-3BE2-65EF-5F0C-000000005403}4876C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004898Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:14:10.901{C36AC009-3BE2-65EF-5E0C-000000005403}2392C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004897Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:14:10.837{C36AC009-3BE2-65EF-5C0C-000000005403}1380C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004896Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:14:04.146{C36AC009-3BDC-65EF-5B0C-000000005403}2888C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004895Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:14:03.520{C36AC009-3BDB-65EF-5A0C-000000005403}1984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004894Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:14:02.751{C36AC009-3BDA-65EF-590C-000000005403}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004893Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:14:01.994{C36AC009-3BD9-65EF-580C-000000005403}4336C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004892Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:14:01.244{C36AC009-3BD9-65EF-570C-000000005403}4272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004891Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:13:04.125{C36AC009-3BA0-65EF-560C-000000005403}5036C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004890Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:13:03.494{C36AC009-3B9F-65EF-550C-000000005403}4240C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004889Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:13:02.740{C36AC009-3B9E-65EF-540C-000000005403}3572C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004888Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:13:01.996{C36AC009-3B9D-65EF-530C-000000005403}216C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004887Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:13:01.246{C36AC009-3B9D-65EF-520C-000000005403}3556C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004886Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:12:04.204{C36AC009-3B64-65EF-510C-000000005403}4736C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004885Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:12:03.485{C36AC009-3B63-65EF-500C-000000005403}2808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004884Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:12:02.730{C36AC009-3B62-65EF-4F0C-000000005403}600C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004883Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:12:01.975{C36AC009-3B61-65EF-4E0C-000000005403}4712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004882Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:12:01.220{C36AC009-3B61-65EF-4D0C-000000005403}4720C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004881Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:11:04.214{C36AC009-3B28-65EF-4C0C-000000005403}2820C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004880Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:11:03.448{C36AC009-3B27-65EF-4B0C-000000005403}604C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004879Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:11:02.683{C36AC009-3B26-65EF-4A0C-000000005403}4868C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004878Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:11:01.969{C36AC009-3B25-65EF-490C-000000005403}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004877Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:11:01.215{C36AC009-3B25-65EF-480C-000000005403}592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004876Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:10:04.083{C36AC009-3AEC-65EF-470C-000000005403}4300C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004875Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:10:03.321{C36AC009-3AEB-65EF-460C-000000005403}4872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004874Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:10:02.572{C36AC009-3AEA-65EF-450C-000000005403}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004873Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:10:01.962{C36AC009-3AE9-65EF-440C-000000005403}3740C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004872Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:10:01.204{C36AC009-3AE9-65EF-430C-000000005403}3456C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004871Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:09:10.970{C36AC009-3AB6-65EF-420C-000000005403}3440C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004870Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:09:10.928{C36AC009-3AB6-65EF-410C-000000005403}4880C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004869Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:09:10.891{C36AC009-3AB6-65EF-400C-000000005403}2336C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004868Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:09:10.826{C36AC009-3AB6-65EF-3E0C-000000005403}2444C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004867Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:09:04.139{C36AC009-3AB0-65EF-3D0C-000000005403}3192C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004866Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:09:03.483{C36AC009-3AAF-65EF-3C0C-000000005403}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004865Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:09:02.726{C36AC009-3AAE-65EF-3B0C-000000005403}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004864Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:09:01.969{C36AC009-3AAD-65EF-3A0C-000000005403}3988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004863Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:09:01.204{C36AC009-3AAD-65EF-390C-000000005403}3032C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004862Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:08:03.971{C36AC009-3A73-65EF-380C-000000005403}4020C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004861Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:08:03.363{C36AC009-3A73-65EF-370C-000000005403}4600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004860Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:08:02.715{C36AC009-3A72-65EF-360C-000000005403}2904C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004859Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:08:01.949{C36AC009-3A71-65EF-350C-000000005403}3744C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004858Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:08:01.201{C36AC009-3A71-65EF-340C-000000005403}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004857Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:07:04.217{C36AC009-3A38-65EF-330C-000000005403}1236C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004856Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:07:03.467{C36AC009-3A37-65EF-320C-000000005403}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004855Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:07:02.717{C36AC009-3A36-65EF-310C-000000005403}4524C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004854Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:07:01.959{C36AC009-3A35-65EF-300C-000000005403}948C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004853Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:07:01.201{C36AC009-3A35-65EF-2F0C-000000005403}2012C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004852Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:06:04.190{C36AC009-39FC-65EF-2E0C-000000005403}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004851Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:06:03.432{C36AC009-39FB-65EF-2D0C-000000005403}1116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004850Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:06:02.667{C36AC009-39FA-65EF-2C0C-000000005403}2728C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004849Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:06:01.955{C36AC009-39F9-65EF-2B0C-000000005403}2980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004848Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:06:01.197{C36AC009-39F9-65EF-2A0C-000000005403}1956C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004847Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:05:04.190{C36AC009-39C0-65EF-290C-000000005403}3596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004846Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:05:03.438{C36AC009-39BF-65EF-280C-000000005403}1172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004845Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:05:02.688{C36AC009-39BE-65EF-270C-000000005403}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004844Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:05:01.938{C36AC009-39BD-65EF-260C-000000005403}4552C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004843Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:05:01.195{C36AC009-39BD-65EF-250C-000000005403}2056C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004842Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:04:10.964{C36AC009-398A-65EF-240C-000000005403}696C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004841Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:04:10.924{C36AC009-398A-65EF-230C-000000005403}3040C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004840Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:04:10.888{C36AC009-398A-65EF-220C-000000005403}4644C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004839Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:04:10.823{C36AC009-398A-65EF-200C-000000005403}4748C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004838Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:04:04.227{C36AC009-3984-65EF-1F0C-000000005403}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004837Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:04:03.471{C36AC009-3983-65EF-1E0C-000000005403}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004836Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:04:02.705{C36AC009-3982-65EF-1D0C-000000005403}1600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004835Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:04:01.939{C36AC009-3981-65EF-1C0C-000000005403}3052C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004834Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:04:01.179{C36AC009-3981-65EF-1B0C-000000005403}3356C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004833Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:03:04.080{C36AC009-3948-65EF-1A0C-000000005403}3476C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004832Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:03:03.320{C36AC009-3947-65EF-190C-000000005403}3412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004831Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:03:02.560{C36AC009-3946-65EF-180C-000000005403}508C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004830Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:03:01.935{C36AC009-3945-65EF-170C-000000005403}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004829Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:03:01.175{C36AC009-3945-65EF-160C-000000005403}3352C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004828Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:02:04.235{C36AC009-390C-65EF-150C-000000005403}1380C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004827Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:02:03.475{C36AC009-390B-65EF-140C-000000005403}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004826Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:02:02.714{C36AC009-390A-65EF-130C-000000005403}2496C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004825Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:02:01.948{C36AC009-3909-65EF-120C-000000005403}1272C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004824Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:02:01.183{C36AC009-3909-65EF-110C-000000005403}2012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004823Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:01:04.239{C36AC009-38D0-65EF-100C-000000005403}4176C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004822Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:01:03.478{C36AC009-38CF-65EF-0F0C-000000005403}1756C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004821Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:01:02.716{C36AC009-38CE-65EF-0E0C-000000005403}2188C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004820Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:01:01.970{C36AC009-38CD-65EF-0D0C-000000005403}2728C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004819Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:01:01.220{C36AC009-38CD-65EF-0C0C-000000005403}4788C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004818Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:00:04.242{C36AC009-3894-65EF-0B0C-000000005403}2448C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004817Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:00:03.480{C36AC009-3893-65EF-0A0C-000000005403}3392C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004816Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:00:02.730{C36AC009-3892-65EF-090C-000000005403}2936C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004815Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:00:01.968{C36AC009-3891-65EF-080C-000000005403}3608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004814Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 17:00:01.205{C36AC009-3891-65EF-070C-000000005403}3588C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004813Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:59:10.956{C36AC009-385E-65EF-060C-000000005403}2012C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004812Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:59:10.916{C36AC009-385E-65EF-050C-000000005403}3408C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004811Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:59:10.879{C36AC009-385E-65EF-040C-000000005403}4140C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004810Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:59:10.815{C36AC009-385E-65EF-020C-000000005403}3484C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004809Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:59:04.170{C36AC009-3858-65EF-010C-000000005403}880C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004808Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:59:03.485{C36AC009-3857-65EF-000C-000000005403}3132C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004807Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:59:02.735{C36AC009-3856-65EF-FF0B-000000005403}368C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004806Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:59:01.972{C36AC009-3855-65EF-FE0B-000000005403}3624C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004805Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:59:01.206{C36AC009-3855-65EF-FD0B-000000005403}3032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004804Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:58:04.073{C36AC009-381C-65EF-FC0B-000000005403}4492C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004803Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:58:03.310{C36AC009-381B-65EF-FB0B-000000005403}2660C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004802Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:58:02.544{C36AC009-381A-65EF-FA0B-000000005403}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004801Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:58:01.937{C36AC009-3819-65EF-F90B-000000005403}4948C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004800Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:58:01.187{C36AC009-3819-65EF-F80B-000000005403}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004799Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:57:04.174{C36AC009-37E0-65EF-F70B-000000005403}4984C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004798Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:57:03.471{C36AC009-37DF-65EF-F60B-000000005403}3440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004797Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:57:02.707{C36AC009-37DE-65EF-F50B-000000005403}4292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004796Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:57:01.942{C36AC009-37DD-65EF-F40B-000000005403}3804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004795Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:57:01.178{C36AC009-37DD-65EF-F30B-000000005403}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004794Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:56:04.194{C36AC009-37A4-65EF-F20B-000000005403}4964C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004793Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:56:03.444{C36AC009-37A3-65EF-F10B-000000005403}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004792Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:56:02.694{C36AC009-37A2-65EF-F00B-000000005403}1064C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004791Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:56:01.931{C36AC009-37A1-65EF-EF0B-000000005403}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004790Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:56:01.165{C36AC009-37A1-65EF-EE0B-000000005403}3400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004789Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:55:04.199{C36AC009-3768-65EF-ED0B-000000005403}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004788Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:55:03.434{C36AC009-3767-65EF-EC0B-000000005403}4424C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004787Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:55:02.668{C36AC009-3766-65EF-EB0B-000000005403}4164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004786Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:55:01.903{C36AC009-3765-65EF-EA0B-000000005403}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004785Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:55:01.138{C36AC009-3765-65EF-E90B-000000005403}2996C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004784Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:54:10.945{C36AC009-3732-65EF-E80B-000000005403}5004C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004783Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:54:10.904{C36AC009-3732-65EF-E70B-000000005403}4844C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004782Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:54:10.868{C36AC009-3732-65EF-E60B-000000005403}1400C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004781Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:54:10.803{C36AC009-3732-65EF-E40B-000000005403}4332C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004780Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:54:04.156{C36AC009-372C-65EF-E30B-000000005403}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004779Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:54:03.391{C36AC009-372B-65EF-E20B-000000005403}5012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004778Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:54:02.641{C36AC009-372A-65EF-E10B-000000005403}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004777Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:54:01.890{C36AC009-3729-65EF-E00B-000000005403}3132C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004776Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:54:01.125{C36AC009-3729-65EF-DF0B-000000005403}368C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004775Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:53:04.038{C36AC009-36F0-65EF-DE0B-000000005403}4020C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004774Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:53:03.287{C36AC009-36EF-65EF-DD0B-000000005403}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004773Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:53:02.537{C36AC009-36EE-65EF-DC0B-000000005403}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004772Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:53:01.865{C36AC009-36ED-65EF-DB0B-000000005403}3744C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004771Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:53:01.114{C36AC009-36ED-65EF-DA0B-000000005403}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004770Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:52:04.145{C36AC009-36B4-65EF-D90B-000000005403}3672C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004769Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:52:03.395{C36AC009-36B3-65EF-D80B-000000005403}4792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004768Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:52:02.630{C36AC009-36B2-65EF-D70B-000000005403}1236C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004767Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:52:01.865{C36AC009-36B1-65EF-D60B-000000005403}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004766Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:52:01.115{C36AC009-36B1-65EF-D50B-000000005403}1272C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004765Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:51:04.145{C36AC009-3678-65EF-D40B-000000005403}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004764Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:51:03.391{C36AC009-3677-65EF-D30B-000000005403}1776C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004763Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:51:02.625{C36AC009-3676-65EF-D20B-000000005403}1096C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004762Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:51:01.859{C36AC009-3675-65EF-D10B-000000005403}4996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004761Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:51:01.105{C36AC009-3675-65EF-D00B-000000005403}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004760Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:50:04.131{C36AC009-363C-65EF-CF0B-000000005403}4112C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004759Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:50:03.361{C36AC009-363B-65EF-CE0B-000000005403}3784C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004758Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:50:02.611{C36AC009-363A-65EF-CD0B-000000005403}4440C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004757Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:50:01.861{C36AC009-3639-65EF-CC0B-000000005403}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004756Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:50:01.101{C36AC009-3639-65EF-CB0B-000000005403}2184C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004755Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:49:10.929{C36AC009-3606-65EF-CA0B-000000005403}3636C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004754Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:49:10.889{C36AC009-3606-65EF-C90B-000000005403}2100C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004753Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:49:10.853{C36AC009-3606-65EF-C80B-000000005403}2988C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004752Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:49:10.788{C36AC009-3606-65EF-C60B-000000005403}4516C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004751Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:49:03.952{C36AC009-35FF-65EF-C50B-000000005403}4200C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004750Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:49:03.355{C36AC009-35FF-65EF-C40B-000000005403}1016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004749Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:49:02.603{C36AC009-35FE-65EF-C30B-000000005403}3352C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004748Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:49:01.853{C36AC009-35FD-65EF-C20B-000000005403}4644C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004747Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:49:01.100{C36AC009-35FD-65EF-C10B-000000005403}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004746Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:48:03.882{C36AC009-35C3-65EF-C00B-000000005403}5032C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004745Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:48:03.257{C36AC009-35C3-65EF-BF0B-000000005403}1948C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004744Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:48:02.597{C36AC009-35C2-65EF-BE0B-000000005403}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004743Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:48:01.843{C36AC009-35C1-65EF-BD0B-000000005403}4828C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004742Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:48:01.093{C36AC009-35C1-65EF-BC0B-000000005403}2904C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004741Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:47:04.039{C36AC009-3588-65EF-BB0B-000000005403}2624C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004740Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:47:03.266{C36AC009-3587-65EF-BA0B-000000005403}2240C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004739Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:47:02.515{C36AC009-3586-65EF-B90B-000000005403}4712C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004738Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:47:01.843{C36AC009-3585-65EF-B80B-000000005403}3524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004737Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:47:01.073{C36AC009-3585-65EF-B70B-000000005403}4688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004736Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:46:04.014{C36AC009-354C-65EF-B60B-000000005403}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004735Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:46:03.264{C36AC009-354B-65EF-B50B-000000005403}4744C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004734Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:46:02.515{C36AC009-354A-65EF-B40B-000000005403}4676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004733Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:46:01.817{C36AC009-3549-65EF-B30B-000000005403}4168C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004732Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:46:01.067{C36AC009-3549-65EF-B20B-000000005403}5108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004731Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:45:03.909{C36AC009-350F-65EF-B10B-000000005403}3772C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004730Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:45:03.315{C36AC009-350F-65EF-B00B-000000005403}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004729Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:45:02.565{C36AC009-350E-65EF-AF0B-000000005403}5056C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004728Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:45:01.820{C36AC009-350D-65EF-AE0B-000000005403}1184C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004727Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:45:01.070{C36AC009-350D-65EF-AD0B-000000005403}4112C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004726Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:44:10.923{C36AC009-34DA-65EF-AC0B-000000005403}4428C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004725Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:44:10.885{C36AC009-34DA-65EF-AB0B-000000005403}2984C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004724Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:44:10.848{C36AC009-34DA-65EF-AA0B-000000005403}3524C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004723Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:44:10.783{C36AC009-34DA-65EF-A80B-000000005403}5024C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004722Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:44:04.059{C36AC009-34D4-65EF-A70B-000000005403}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004721Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:44:03.302{C36AC009-34D3-65EF-A60B-000000005403}1000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004720Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:44:02.546{C36AC009-34D2-65EF-A50B-000000005403}4788C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004719Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:44:01.843{C36AC009-34D1-65EF-A40B-000000005403}1944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004718Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:44:01.071{C36AC009-34D1-65EF-A30B-000000005403}4460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004717Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:43:04.023{C36AC009-3498-65EF-A20B-000000005403}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004716Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:43:03.266{C36AC009-3497-65EF-A10B-000000005403}3696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004715Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:43:02.516{C36AC009-3496-65EF-A00B-000000005403}212C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004714Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:43:01.821{C36AC009-3495-65EF-9F0B-000000005403}3228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004713Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:43:01.064{C36AC009-3495-65EF-9E0B-000000005403}3772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004712Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:42:03.938{C36AC009-345B-65EF-9D0B-000000005403}4220C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004711Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:42:03.190{C36AC009-345B-65EF-9C0B-000000005403}4232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004710Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:42:02.440{C36AC009-345A-65EF-9B0B-000000005403}1796C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004709Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:42:01.815{C36AC009-3459-65EF-9A0B-000000005403}664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004708Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:42:01.042{C36AC009-3459-65EF-990B-000000005403}4296C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004707Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:41:03.914{C36AC009-341F-65EF-980B-000000005403}1336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004706Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:41:03.312{C36AC009-341F-65EF-970B-000000005403}4632C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004705Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:41:02.562{C36AC009-341E-65EF-960B-000000005403}1992C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004704Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:41:01.804{C36AC009-341D-65EF-950B-000000005403}5020C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004703Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:41:01.046{C36AC009-341D-65EF-940B-000000005403}5088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004702Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:40:04.069{C36AC009-33E4-65EF-930B-000000005403}4340C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004701Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:40:03.319{C36AC009-33E3-65EF-920B-000000005403}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004700Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:40:02.560{C36AC009-33E2-65EF-910B-000000005403}1172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004699Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:40:01.802{C36AC009-33E1-65EF-900B-000000005403}1504C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004698Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:40:01.036{C36AC009-33E1-65EF-8F0B-000000005403}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004697Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:39:10.916{C36AC009-33AE-65EF-8E0B-000000005403}1272C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004696Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:39:10.876{C36AC009-33AE-65EF-8D0B-000000005403}2816C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004695Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:39:10.839{C36AC009-33AE-65EF-8C0B-000000005403}3476C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004694Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:39:10.774{C36AC009-33AE-65EF-8A0B-000000005403}1120C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004693Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:39:03.995{C36AC009-33A7-65EF-890B-000000005403}4480C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004692Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:39:03.236{C36AC009-33A7-65EF-880B-000000005403}4692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004691Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:39:02.486{C36AC009-33A6-65EF-870B-000000005403}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004690Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:39:01.789{C36AC009-33A5-65EF-860B-000000005403}4388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004689Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:39:01.030{C36AC009-33A5-65EF-850B-000000005403}3484C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004688Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:38:04.007{C36AC009-336C-65EF-840B-000000005403}5016C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004687Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:38:03.241{C36AC009-336B-65EF-830B-000000005403}4584C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004686Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:38:02.482{C36AC009-336A-65EF-820B-000000005403}1500C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004685Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:38:01.800{C36AC009-3369-65EF-810B-000000005403}2448C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004684Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:38:01.034{C36AC009-3369-65EF-800B-000000005403}2308C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004683Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:37:04.054{C36AC009-3330-65EF-7F0B-000000005403}2980C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004682Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:37:03.289{C36AC009-332F-65EF-7E0B-000000005403}4912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004681Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:37:02.523{C36AC009-332E-65EF-7D0B-000000005403}3048C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004680Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:37:01.768{C36AC009-332D-65EF-7C0B-000000005403}4788C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004679Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:37:01.018{C36AC009-332D-65EF-7B0B-000000005403}1944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004678Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:36:03.949{C36AC009-32F3-65EF-7A0B-000000005403}4416C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004677Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:36:03.188{C36AC009-32F3-65EF-790B-000000005403}4256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004676Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:36:02.427{C36AC009-32F2-65EF-780B-000000005403}5068C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004675Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:36:01.770{C36AC009-32F1-65EF-770B-000000005403}3680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004674Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:36:01.009{C36AC009-32F1-65EF-760B-000000005403}4228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004673Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:35:03.855{C36AC009-32B7-65EF-750B-000000005403}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004672Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:35:03.268{C36AC009-32B7-65EF-740B-000000005403}4544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004671Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:35:02.518{C36AC009-32B6-65EF-730B-000000005403}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004670Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:35:01.768{C36AC009-32B5-65EF-720B-000000005403}3672C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004669Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:35:01.009{C36AC009-32B5-65EF-710B-000000005403}3844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004668Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:34:10.911{C36AC009-3282-65EF-700B-000000005403}2960C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004667Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:34:10.870{C36AC009-3282-65EF-6F0B-000000005403}2300C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004666Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:34:10.834{C36AC009-3282-65EF-6E0B-000000005403}1016C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004665Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:34:10.769{C36AC009-3282-65EF-6C0B-000000005403}3352C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004664Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:34:03.991{C36AC009-327B-65EF-6B0B-000000005403}2236C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004663Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:34:03.225{C36AC009-327B-65EF-6A0B-000000005403}1992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004662Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:34:02.467{C36AC009-327A-65EF-690B-000000005403}4676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004661Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:34:01.764{C36AC009-3279-65EF-680B-000000005403}3960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004660Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:34:01.014{C36AC009-3279-65EF-670B-000000005403}1360C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004659Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:33:03.939{C36AC009-323F-65EF-660B-000000005403}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004658Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:33:03.180{C36AC009-323F-65EF-650B-000000005403}3608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004657Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:33:02.408{C36AC009-323E-65EF-640B-000000005403}3864C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004656Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:33:01.754{C36AC009-323D-65EF-630B-000000005403}2080C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004655Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:33:01.004{C36AC009-323D-65EF-620B-000000005403}4512C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004654Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:32:03.976{C36AC009-3203-65EF-610B-000000005403}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004653Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:32:03.232{C36AC009-3203-65EF-600B-000000005403}4716C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004652Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:32:02.482{C36AC009-3202-65EF-5F0B-000000005403}4276C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004651Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:32:01.754{C36AC009-3201-65EF-5E0B-000000005403}4260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004650Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:32:00.993{C36AC009-3200-65EF-5D0B-000000005403}4192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004649Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:31:03.938{C36AC009-31C7-65EF-5C0B-000000005403}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004648Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:31:03.174{C36AC009-31C7-65EF-5B0B-000000005403}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004647Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:31:02.425{C36AC009-31C6-65EF-5A0B-000000005403}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004646Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:31:01.738{C36AC009-31C5-65EF-590B-000000005403}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004645Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:31:00.975{C36AC009-31C4-65EF-580B-000000005403}528C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004644Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:30:04.001{C36AC009-318C-65EF-570B-000000005403}4624C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004643Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:30:03.235{C36AC009-318B-65EF-560B-000000005403}1376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004642Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:30:02.471{C36AC009-318A-65EF-550B-000000005403}4296C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004641Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:30:01.706{C36AC009-3189-65EF-540B-000000005403}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004640Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:30:00.956{C36AC009-3188-65EF-530B-000000005403}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004639Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:29:10.892{C36AC009-3156-65EF-520B-000000005403}3784C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004638Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:29:10.853{C36AC009-3156-65EF-510B-000000005403}1404C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004637Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:29:10.817{C36AC009-3156-65EF-500B-000000005403}4392C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004636Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:29:10.752{C36AC009-3156-65EF-4E0B-000000005403}4600C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004635Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:29:03.897{C36AC009-314F-65EF-4D0B-000000005403}4324C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004634Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:29:03.224{C36AC009-314F-65EF-4C0B-000000005403}5064C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004633Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:29:02.475{C36AC009-314E-65EF-4B0B-000000005403}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004632Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:29:01.709{C36AC009-314D-65EF-4A0B-000000005403}3236C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004631Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:29:00.959{C36AC009-314C-65EF-490B-000000005403}3148C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004630Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:28:03.900{C36AC009-3113-65EF-480B-000000005403}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004629Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:28:03.138{C36AC009-3113-65EF-470B-000000005403}1964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004628Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:28:02.373{C36AC009-3112-65EF-460B-000000005403}2476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004627Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:28:01.701{C36AC009-3111-65EF-450B-000000005403}4960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004626Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:28:00.950{C36AC009-3110-65EF-440B-000000005403}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004625Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:27:03.842{C36AC009-30D7-65EF-430B-000000005403}1400C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004624Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:27:03.216{C36AC009-30D7-65EF-420B-000000005403}3584C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004623Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:27:02.465{C36AC009-30D6-65EF-410B-000000005403}1732C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004622Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:27:01.714{C36AC009-30D5-65EF-400B-000000005403}3160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004621Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:27:00.948{C36AC009-30D4-65EF-3F0B-000000005403}3352C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004620Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:26:03.804{C36AC009-309B-65EF-3E0B-000000005403}2732C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004619Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:26:03.051{C36AC009-309B-65EF-3D0B-000000005403}3372C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004618Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:26:02.302{C36AC009-309A-65EF-3C0B-000000005403}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004617Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:26:01.707{C36AC009-3099-65EF-3B0B-000000005403}856C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004616Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:26:00.940{C36AC009-3098-65EF-3A0B-000000005403}4360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004615Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:25:03.871{C36AC009-305F-65EF-390B-000000005403}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004614Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:25:03.181{C36AC009-305F-65EF-380B-000000005403}1112C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004613Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:25:02.429{C36AC009-305E-65EF-370B-000000005403}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004612Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:25:01.678{C36AC009-305D-65EF-360B-000000005403}4524C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004611Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:25:00.926{C36AC009-305C-65EF-350B-000000005403}4344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004609Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:24:10.886{C36AC009-302A-65EF-340B-000000005403}2392C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004608Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:24:10.846{C36AC009-302A-65EF-330B-000000005403}2940C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004607Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:24:10.810{C36AC009-302A-65EF-320B-000000005403}4336C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004606Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:24:10.744{C36AC009-302A-65EF-300B-000000005403}2236C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004605Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:24:03.790{C36AC009-3023-65EF-2F0B-000000005403}1064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004604Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:24:03.176{C36AC009-3023-65EF-2E0B-000000005403}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004603Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:24:02.423{C36AC009-3022-65EF-2D0B-000000005403}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004602Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:24:01.673{C36AC009-3021-65EF-2C0B-000000005403}2176C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004601Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:24:00.918{C36AC009-3020-65EF-2B0B-000000005403}1580C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004600Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:23:03.936{C36AC009-2FE7-65EF-2A0B-000000005403}4496C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004599Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:23:03.186{C36AC009-2FE7-65EF-290B-000000005403}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004598Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:23:02.429{C36AC009-2FE6-65EF-280B-000000005403}4960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004597Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:23:01.676{C36AC009-2FE5-65EF-270B-000000005403}4396C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004596Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:23:00.910{C36AC009-2FE4-65EF-260B-000000005403}4820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004595Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:22:03.843{C36AC009-2FAB-65EF-250B-000000005403}3088C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004594Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:22:03.089{C36AC009-2FAB-65EF-240B-000000005403}4388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004593Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:22:02.333{C36AC009-2FAA-65EF-230B-000000005403}2172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004592Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:22:01.660{C36AC009-2FA9-65EF-220B-000000005403}1040C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004591Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:22:00.906{C36AC009-2FA8-65EF-210B-000000005403}4480C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004590Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:21:03.871{C36AC009-2F6F-65EF-200B-000000005403}4432C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004589Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:21:03.183{C36AC009-2F6F-65EF-1F0B-000000005403}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004588Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:21:02.424{C36AC009-2F6E-65EF-1E0B-000000005403}3772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004587Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:21:01.670{C36AC009-2F6D-65EF-1D0B-000000005403}4764C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004586Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:21:00.904{C36AC009-2F6C-65EF-1C0B-000000005403}924C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004585Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:20:03.787{C36AC009-2F33-65EF-1B0B-000000005403}3672C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004584Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:20:03.172{C36AC009-2F33-65EF-1A0B-000000005403}4888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004583Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:20:02.406{C36AC009-2F32-65EF-190B-000000005403}3588C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004582Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:20:01.651{C36AC009-2F31-65EF-180B-000000005403}4064C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004581Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:20:00.896{C36AC009-2F30-65EF-170B-000000005403}2988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004580Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:19:10.883{C36AC009-2EFE-65EF-160B-000000005403}3812C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004579Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:19:10.843{C36AC009-2EFE-65EF-150B-000000005403}1184C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004578Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:19:10.808{C36AC009-2EFE-65EF-140B-000000005403}4272C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004577Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:19:10.742{C36AC009-2EFE-65EF-120B-000000005403}5092C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004576Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:19:03.835{C36AC009-2EF7-65EF-110B-000000005403}4328C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004575Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:19:03.085{C36AC009-2EF7-65EF-100B-000000005403}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004574Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:19:02.392{C36AC009-2EF6-65EF-0F0B-000000005403}2272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004573Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:19:01.636{C36AC009-2EF5-65EF-0E0B-000000005403}3236C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004572Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:19:00.880{C36AC009-2EF4-65EF-0D0B-000000005403}3148C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004571Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:18:03.831{C36AC009-2EBB-65EF-0C0B-000000005403}3820C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004570Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:18:03.153{C36AC009-2EBB-65EF-0B0B-000000005403}3600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004569Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:18:02.397{C36AC009-2EBA-65EF-0A0B-000000005403}4544C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004568Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:18:01.641{C36AC009-2EB9-65EF-090B-000000005403}4472C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004567Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:18:00.885{C36AC009-2EB8-65EF-080B-000000005403}4060C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004566Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:17:03.809{C36AC009-2E7F-65EF-070B-000000005403}4952C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004565Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:17:03.053{C36AC009-2E7F-65EF-060B-000000005403}4392C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004564Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:17:02.303{C36AC009-2E7E-65EF-050B-000000005403}2152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004563Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:17:01.624{C36AC009-2E7D-65EF-040B-000000005403}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004562Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:17:00.868{C36AC009-2E7C-65EF-030B-000000005403}1120C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004561Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:16:03.852{C36AC009-2E43-65EF-020B-000000005403}4020C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004560Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:16:03.095{C36AC009-2E43-65EF-010B-000000005403}3680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004559Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:16:02.345{C36AC009-2E42-65EF-000B-000000005403}4588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004558Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:16:01.603{C36AC009-2E41-65EF-FF0A-000000005403}1756C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004557Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:16:00.846{C36AC009-2E40-65EF-FE0A-000000005403}3540C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004556Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:15:03.737{C36AC009-2E07-65EF-FD0A-000000005403}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004555Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:15:02.979{C36AC009-2E06-65EF-FC0A-000000005403}2336C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004554Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:15:02.221{C36AC009-2E06-65EF-FB0A-000000005403}4292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004553Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:15:01.580{C36AC009-2E05-65EF-FA0A-000000005403}2100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004552Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:15:00.838{C36AC009-2E04-65EF-F90A-000000005403}4824C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004551Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:14:10.882{C36AC009-2DD2-65EF-F80A-000000005403}1488C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004550Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:14:10.842{C36AC009-2DD2-65EF-F70A-000000005403}4336C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004549Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:14:10.805{C36AC009-2DD2-65EF-F60A-000000005403}5028C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004548Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:14:10.740{C36AC009-2DD2-65EF-F40A-000000005403}2252C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004547Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:14:03.718{C36AC009-2DCB-65EF-F30A-000000005403}4324C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004546Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:14:02.953{C36AC009-2DCA-65EF-F20A-000000005403}1064C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004545Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:14:02.210{C36AC009-2DCA-65EF-F10A-000000005403}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004544Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:14:01.600{C36AC009-2DC9-65EF-F00A-000000005403}3960C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004543Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:14:00.842{C36AC009-2DC8-65EF-EF0A-000000005403}3436C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004542Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:13:03.787{C36AC009-2D8F-65EF-EE0A-000000005403}2900C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004541Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:13:03.083{C36AC009-2D8F-65EF-ED0A-000000005403}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004540Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:13:02.340{C36AC009-2D8E-65EF-EC0A-000000005403}4512C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004539Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:13:01.580{C36AC009-2D8D-65EF-EB0A-000000005403}3524C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004538Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:13:00.830{C36AC009-2D8C-65EF-EA0A-000000005403}1796C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004537Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:12:03.779{C36AC009-2D53-65EF-E90A-000000005403}1016C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004536Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:12:03.018{C36AC009-2D53-65EF-E80A-000000005403}4948C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004535Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:12:02.258{C36AC009-2D52-65EF-E70A-000000005403}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004534Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:12:01.576{C36AC009-2D51-65EF-E60A-000000005403}2152C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004533Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:12:00.826{C36AC009-2D50-65EF-E50A-000000005403}2392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004532Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:11:03.853{C36AC009-2D17-65EF-E40A-000000005403}4112C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004531Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:11:03.094{C36AC009-2D17-65EF-E30A-000000005403}360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004530Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:11:02.344{C36AC009-2D16-65EF-E20A-000000005403}4640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004529Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:11:01.589{C36AC009-2D15-65EF-E10A-000000005403}4576C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004528Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:11:00.824{C36AC009-2D14-65EF-E00A-000000005403}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004527Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:10:03.840{C36AC009-2CDB-65EF-DF0A-000000005403}4296C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004526Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:10:03.078{C36AC009-2CDB-65EF-DE0A-000000005403}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004525Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:10:02.322{C36AC009-2CDA-65EF-DD0A-000000005403}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004524Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:10:01.588{C36AC009-2CD9-65EF-DC0A-000000005403}4372C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004523Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:10:00.811{C36AC009-2CD8-65EF-DB0A-000000005403}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004522Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:09:10.869{C36AC009-2CA6-65EF-DA0A-000000005403}3444C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004521Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:09:10.829{C36AC009-2CA6-65EF-D90A-000000005403}4644C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004520Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:09:10.793{C36AC009-2CA6-65EF-D80A-000000005403}2500C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004519Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:09:10.728{C36AC009-2CA6-65EF-D60A-000000005403}4648C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004518Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:09:03.720{C36AC009-2C9F-65EF-D50A-000000005403}2352C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004517Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:09:03.099{C36AC009-2C9F-65EF-D40A-000000005403}5092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004516Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:09:02.341{C36AC009-2C9E-65EF-D30A-000000005403}2672C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004515Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:09:01.580{C36AC009-2C9D-65EF-D20A-000000005403}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004514Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:09:00.818{C36AC009-2C9C-65EF-D10A-000000005403}1064C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004513Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:08:03.793{C36AC009-2C63-65EF-D00A-000000005403}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004512Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:08:03.093{C36AC009-2C63-65EF-CF0A-000000005403}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004511Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:08:02.326{C36AC009-2C62-65EF-CE0A-000000005403}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004510Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:08:01.576{C36AC009-2C61-65EF-CD0A-000000005403}4920C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004509Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:08:00.814{C36AC009-2C60-65EF-CC0A-000000005403}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004508Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:07:03.838{C36AC009-2C27-65EF-CB0A-000000005403}4552C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004507Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:07:03.078{C36AC009-2C27-65EF-CA0A-000000005403}2192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004506Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:07:02.317{C36AC009-2C26-65EF-C90A-000000005403}4660C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004505Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:07:01.556{C36AC009-2C25-65EF-C80A-000000005403}4436C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004504Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:07:00.796{C36AC009-2C24-65EF-C70A-000000005403}4352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004503Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:06:03.795{C36AC009-2BEB-65EF-C60A-000000005403}3148C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004502Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:06:03.031{C36AC009-2BEB-65EF-C50A-000000005403}4240C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004501Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:06:02.268{C36AC009-2BEA-65EF-C40A-000000005403}212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004500Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:06:01.571{C36AC009-2BE9-65EF-C30A-000000005403}2904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004499Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:06:00.793{C36AC009-2BE8-65EF-C20A-000000005403}3556C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004498Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:05:03.673{C36AC009-2BAF-65EF-C10A-000000005403}4296C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004497Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:05:03.064{C36AC009-2BAF-65EF-C00A-000000005403}4888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004496Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:05:02.300{C36AC009-2BAE-65EF-BF0A-000000005403}3596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004495Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:05:01.552{C36AC009-2BAD-65EF-BE0A-000000005403}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004494Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:05:00.788{C36AC009-2BAC-65EF-BD0A-000000005403}5076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004493Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:04:10.857{C36AC009-2B7A-65EF-BC0A-000000005403}1560C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004492Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:04:10.818{C36AC009-2B7A-65EF-BB0A-000000005403}4420C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004491Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:04:10.781{C36AC009-2B7A-65EF-BA0A-000000005403}4556C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004490Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:04:10.715{C36AC009-2B7A-65EF-B80A-000000005403}1596C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004489Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:04:03.797{C36AC009-2B73-65EF-B70A-000000005403}3288C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004488Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:04:03.047{C36AC009-2B73-65EF-B60A-000000005403}3120C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004487Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:04:02.281{C36AC009-2B72-65EF-B50A-000000005403}4212C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004486Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:04:01.517{C36AC009-2B71-65EF-B40A-000000005403}1976C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004485Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:04:00.766{C36AC009-2B70-65EF-B30A-000000005403}4324C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004484Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:03:03.670{C36AC009-2B37-65EF-B20A-000000005403}4628C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004483Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:03:03.013{C36AC009-2B37-65EF-B10A-000000005403}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004482Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:03:02.249{C36AC009-2B36-65EF-B00A-000000005403}4836C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004481Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:03:01.499{C36AC009-2B35-65EF-AF0A-000000005403}5112C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004480Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:03:00.744{C36AC009-2B34-65EF-AE0A-000000005403}2268C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004479Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:02:03.643{C36AC009-2AFB-65EF-AD0A-000000005403}3100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004478Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:02:03.002{C36AC009-2AFB-65EF-AC0A-000000005403}2088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004477Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:02:02.252{C36AC009-2AFA-65EF-AB0A-000000005403}5100C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004476Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:02:01.502{C36AC009-2AF9-65EF-AA0A-000000005403}4548C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004475Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:02:00.737{C36AC009-2AF8-65EF-A90A-000000005403}4952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004474Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:01:03.674{C36AC009-2ABF-65EF-A80A-000000005403}5012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004473Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:01:02.909{C36AC009-2ABE-65EF-A70A-000000005403}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004472Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:01:02.143{C36AC009-2ABE-65EF-A60A-000000005403}1064C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004471Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:01:01.470{C36AC009-2ABD-65EF-A50A-000000005403}3348C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004470Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:01:00.720{C36AC009-2ABC-65EF-A40A-000000005403}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004469Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:00:03.610{C36AC009-2A83-65EF-A30A-000000005403}2268C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004468Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:00:02.998{C36AC009-2A82-65EF-A20A-000000005403}2240C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004467Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:00:02.248{C36AC009-2A82-65EF-A10A-000000005403}4624C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004466Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:00:01.482{C36AC009-2A81-65EF-A00A-000000005403}4540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004465Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 16:00:00.715{C36AC009-2A80-65EF-9F0A-000000005403}4296C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004464Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:59:10.853{C36AC009-2A4E-65EF-9E0A-000000005403}3684C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004463Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:59:10.813{C36AC009-2A4E-65EF-9D0A-000000005403}3896C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004462Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:59:10.776{C36AC009-2A4E-65EF-9C0A-000000005403}3456C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004461Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:59:10.711{C36AC009-2A4E-65EF-9A0A-000000005403}3404C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004460Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:59:03.610{C36AC009-2A47-65EF-990A-000000005403}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004459Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:59:02.843{C36AC009-2A46-65EF-980A-000000005403}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004458Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:59:02.124{C36AC009-2A46-65EF-970A-000000005403}4184C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004457Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:59:01.372{C36AC009-2A45-65EF-960A-000000005403}4848C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004456Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:59:00.700{C36AC009-2A44-65EF-950A-000000005403}4560C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004455Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:58:03.630{C36AC009-2A0B-65EF-940A-000000005403}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004454Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:58:02.955{C36AC009-2A0A-65EF-930A-000000005403}1476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004453Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:58:02.202{C36AC009-2A0A-65EF-920A-000000005403}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004452Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:58:01.450{C36AC009-2A09-65EF-910A-000000005403}1756C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004451Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:58:00.684{C36AC009-2A08-65EF-900A-000000005403}4532C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004450Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:57:03.592{C36AC009-29CF-65EF-8F0A-000000005403}3476C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004449Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:57:02.920{C36AC009-29CE-65EF-8E0A-000000005403}3416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004448Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:57:02.170{C36AC009-29CE-65EF-8D0A-000000005403}3804C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004447Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:57:01.413{C36AC009-29CD-65EF-8C0A-000000005403}1412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004446Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:57:00.663{C36AC009-29CC-65EF-8B0A-000000005403}3100C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004445Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:56:03.704{C36AC009-2993-65EF-8A0A-000000005403}2980C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004444Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:56:03.016{C36AC009-2993-65EF-890A-000000005403}3844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004443Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:56:02.258{C36AC009-2992-65EF-880A-000000005403}3360C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004442Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:56:01.492{C36AC009-2991-65EF-870A-000000005403}2896C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004441Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:56:00.742{C36AC009-2990-65EF-860A-000000005403}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004440Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:55:03.701{C36AC009-2957-65EF-850A-000000005403}1820C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004439Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:55:02.951{C36AC009-2956-65EF-840A-000000005403}4736C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004438Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:55:02.193{C36AC009-2956-65EF-830A-000000005403}3820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004437Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:55:01.490{C36AC009-2955-65EF-820A-000000005403}3788C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004436Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:55:00.724{C36AC009-2954-65EF-810A-000000005403}2268C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004434Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:54:10.840{C36AC009-2922-65EF-800A-000000005403}4444C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004433Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:54:10.799{C36AC009-2922-65EF-7F0A-000000005403}4284C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004432Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:54:10.763{C36AC009-2922-65EF-7E0A-000000005403}4260C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004431Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:54:10.698{C36AC009-2922-65EF-7C0A-000000005403}2460C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004430Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:54:03.664{C36AC009-291B-65EF-7B0A-000000005403}2080C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004429Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:54:02.971{C36AC009-291A-65EF-7A0A-000000005403}3516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004428Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:54:02.221{C36AC009-291A-65EF-790A-000000005403}2152C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004427Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:54:01.461{C36AC009-2919-65EF-780A-000000005403}1184C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004426Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:54:00.711{C36AC009-2918-65EF-770A-000000005403}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004425Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:53:03.654{C36AC009-28DF-65EF-760A-000000005403}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004424Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:53:02.958{C36AC009-28DE-65EF-750A-000000005403}600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004423Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:53:02.208{C36AC009-28DE-65EF-740A-000000005403}3540C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004422Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:53:01.458{C36AC009-28DD-65EF-730A-000000005403}4020C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004421Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:53:00.697{C36AC009-28DC-65EF-720A-000000005403}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004420Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:52:03.583{C36AC009-28A3-65EF-710A-000000005403}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004419Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:52:02.819{C36AC009-28A2-65EF-700A-000000005403}4468C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004418Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:52:02.061{C36AC009-28A2-65EF-6F0A-000000005403}2520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004417Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:52:01.447{C36AC009-28A1-65EF-6E0A-000000005403}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004416Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:52:00.691{C36AC009-28A0-65EF-6D0A-000000005403}1176C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004415Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:51:03.563{C36AC009-2867-65EF-6C0A-000000005403}4632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004414Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:51:02.947{C36AC009-2866-65EF-6B0A-000000005403}4644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004413Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:51:02.197{C36AC009-2866-65EF-6A0A-000000005403}4892C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004412Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:51:01.432{C36AC009-2865-65EF-690A-000000005403}4720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004411Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:51:00.689{C36AC009-2864-65EF-680A-000000005403}2076C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004410Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:50:03.695{C36AC009-282B-65EF-670A-000000005403}4432C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004409Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:50:02.945{C36AC009-282A-65EF-660A-000000005403}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004408Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:50:02.196{C36AC009-282A-65EF-650A-000000005403}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004407Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:50:01.446{C36AC009-2829-65EF-640A-000000005403}2976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004406Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:50:00.680{C36AC009-2828-65EF-630A-000000005403}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004405Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:49:10.827{C36AC009-27F6-65EF-620A-000000005403}4152C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004404Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:49:10.786{C36AC009-27F6-65EF-610A-000000005403}1124C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004403Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:49:10.749{C36AC009-27F6-65EF-600A-000000005403}3472C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004402Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:49:10.684{C36AC009-27F6-65EF-5E0A-000000005403}4712C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004401Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:49:03.595{C36AC009-27EF-65EF-5D0A-000000005403}1984C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004400Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:49:02.946{C36AC009-27EE-65EF-5C0A-000000005403}3772C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004399Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:49:02.196{C36AC009-27EE-65EF-5B0A-000000005403}3056C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004398Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:49:01.438{C36AC009-27ED-65EF-5A0A-000000005403}4360C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004397Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:49:00.680{C36AC009-27EC-65EF-590A-000000005403}1016C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004396Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:48:03.661{C36AC009-27B3-65EF-580A-000000005403}4652C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004395Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:48:02.912{C36AC009-27B2-65EF-570A-000000005403}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004394Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:48:02.151{C36AC009-27B2-65EF-560A-000000005403}4324C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004393Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:48:01.416{C36AC009-27B1-65EF-550A-000000005403}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004392Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:48:00.666{C36AC009-27B0-65EF-540A-000000005403}4864C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004391Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:47:03.704{C36AC009-2777-65EF-530A-000000005403}4704C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004390Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:47:02.945{C36AC009-2776-65EF-520A-000000005403}1796C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004389Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:47:02.186{C36AC009-2776-65EF-510A-000000005403}4060C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004388Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:47:01.421{C36AC009-2775-65EF-500A-000000005403}4540C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004387Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:47:00.662{C36AC009-2774-65EF-4F0A-000000005403}2448C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004386Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:46:03.625{C36AC009-273B-65EF-4E0A-000000005403}880C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004385Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:46:02.866{C36AC009-273A-65EF-4D0A-000000005403}4960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004384Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:46:02.116{C36AC009-273A-65EF-4C0A-000000005403}1036C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004383Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:46:01.403{C36AC009-2739-65EF-4B0A-000000005403}5076C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004382Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:46:00.643{C36AC009-2738-65EF-4A0A-000000005403}2044C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004381Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:45:03.580{C36AC009-26FF-65EF-490A-000000005403}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004380Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:45:02.928{C36AC009-26FE-65EF-480A-000000005403}3236C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004379Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:45:02.168{C36AC009-26FE-65EF-470A-000000005403}1948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004378Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:45:01.403{C36AC009-26FD-65EF-460A-000000005403}4240C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004377Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:45:00.628{C36AC009-26FC-65EF-450A-000000005403}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004376Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:44:10.819{C36AC009-26CA-65EF-440A-000000005403}2268C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004375Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:44:10.778{C36AC009-26CA-65EF-430A-000000005403}1376C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004374Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:44:10.743{C36AC009-26CA-65EF-420A-000000005403}2264C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004373Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:44:10.678{C36AC009-26CA-65EF-400A-000000005403}840C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004372Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:44:03.562{C36AC009-26C3-65EF-3F0A-000000005403}4752C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004371Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:44:02.785{C36AC009-26C2-65EF-3E0A-000000005403}4956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004370Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:44:02.036{C36AC009-26C2-65EF-3D0A-000000005403}4756C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004369Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:44:01.384{C36AC009-26C1-65EF-3C0A-000000005403}3400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004368Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:44:00.634{C36AC009-26C0-65EF-3B0A-000000005403}4296C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004367Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:43:03.584{C36AC009-2687-65EF-3A0A-000000005403}1992C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004366Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:43:02.885{C36AC009-2686-65EF-390A-000000005403}1000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004365Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:43:02.123{C36AC009-2686-65EF-380A-000000005403}1064C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004364Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:43:01.361{C36AC009-2685-65EF-370A-000000005403}3624C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004363Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:43:00.611{C36AC009-2684-65EF-360A-000000005403}4464C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004362Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:42:03.679{C36AC009-264B-65EF-350A-000000005403}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004361Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:42:02.920{C36AC009-264A-65EF-340A-000000005403}3700C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004360Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:42:02.154{C36AC009-264A-65EF-330A-000000005403}3572C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004359Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:42:01.376{C36AC009-2649-65EF-320A-000000005403}1596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004358Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:42:00.614{C36AC009-2648-65EF-310A-000000005403}4484C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004357Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:41:03.604{C36AC009-260F-65EF-300A-000000005403}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004356Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:41:02.900{C36AC009-260E-65EF-2F0A-000000005403}4360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004355Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:41:02.137{C36AC009-260E-65EF-2E0A-000000005403}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004354Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:41:01.374{C36AC009-260D-65EF-2D0A-000000005403}2388C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004353Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:41:00.609{C36AC009-260C-65EF-2C0A-000000005403}3608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004352Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:40:03.612{C36AC009-25D3-65EF-2B0A-000000005403}3712C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004351Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:40:02.848{C36AC009-25D2-65EF-2A0A-000000005403}4428C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004350Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:40:02.084{C36AC009-25D2-65EF-290A-000000005403}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004349Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:40:01.365{C36AC009-25D1-65EF-280A-000000005403}3972C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004348Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:40:00.601{C36AC009-25D0-65EF-270A-000000005403}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004347Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:39:10.804{C36AC009-259E-65EF-260A-000000005403}4108C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004346Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:39:10.763{C36AC009-259E-65EF-250A-000000005403}3472C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004345Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:39:10.727{C36AC009-259E-65EF-240A-000000005403}4880C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004344Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:39:10.662{C36AC009-259E-65EF-220A-000000005403}524C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004343Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:39:03.663{C36AC009-2597-65EF-210A-000000005403}4916C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004342Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:39:02.904{C36AC009-2596-65EF-200A-000000005403}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004341Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:39:02.139{C36AC009-2596-65EF-1F0A-000000005403}3408C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004340Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:39:01.359{C36AC009-2595-65EF-1E0A-000000005403}1348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004339Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:39:00.596{C36AC009-2594-65EF-1D0A-000000005403}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004338Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:38:03.604{C36AC009-255B-65EF-1C0A-000000005403}3352C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004337Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:38:02.841{C36AC009-255A-65EF-1B0A-000000005403}4640C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004336Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:38:02.091{C36AC009-255A-65EF-1A0A-000000005403}2732C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004335Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:38:01.342{C36AC009-2559-65EF-190A-000000005403}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004334Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:38:00.578{C36AC009-2558-65EF-180A-000000005403}5016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004333Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:37:03.745{C36AC009-251F-65EF-170A-000000005403}3292C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004332Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:37:02.980{C36AC009-251E-65EF-160A-000000005403}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004331Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:37:02.215{C36AC009-251E-65EF-150A-000000005403}5032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004330Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:37:01.465{C36AC009-251D-65EF-140A-000000005403}2992C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004329Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:37:00.715{C36AC009-251C-65EF-130A-000000005403}4716C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004328Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:36:03.688{C36AC009-24E3-65EF-120A-000000005403}4828C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004327Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:36:02.937{C36AC009-24E2-65EF-110A-000000005403}4292C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004326Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:36:02.187{C36AC009-24E2-65EF-100A-000000005403}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004325Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:36:01.437{C36AC009-24E1-65EF-0F0A-000000005403}3148C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004324Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:36:00.687{C36AC009-24E0-65EF-0E0A-000000005403}364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004323Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:35:03.689{C36AC009-24A7-65EF-0D0A-000000005403}2056C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004322Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:35:02.939{C36AC009-24A6-65EF-0C0A-000000005403}1500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004321Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:35:02.188{C36AC009-24A6-65EF-0B0A-000000005403}4060C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004320Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:35:01.437{C36AC009-24A5-65EF-0A0A-000000005403}3448C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004319Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:35:00.672{C36AC009-24A4-65EF-090A-000000005403}3596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004318Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:34:10.791{C36AC009-2472-65EF-080A-000000005403}3772C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004317Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:34:10.752{C36AC009-2472-65EF-070A-000000005403}3100C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004316Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:34:10.718{C36AC009-2472-65EF-060A-000000005403}5080C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004315Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:34:10.654{C36AC009-2472-65EF-040A-000000005403}4596C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004314Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:34:03.690{C36AC009-246B-65EF-030A-000000005403}3580C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004313Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:34:02.937{C36AC009-246A-65EF-020A-000000005403}4820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004312Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:34:02.171{C36AC009-246A-65EF-010A-000000005403}4692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004311Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:34:01.421{C36AC009-2469-65EF-000A-000000005403}592C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004310Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:34:00.668{C36AC009-2468-65EF-FF09-000000005403}380C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004309Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:33:03.615{C36AC009-242F-65EF-FE09-000000005403}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004308Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:33:02.862{C36AC009-242E-65EF-FD09-000000005403}4532C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004307Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:33:02.110{C36AC009-242E-65EF-FC09-000000005403}3788C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004306Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:33:01.422{C36AC009-242D-65EF-FB09-000000005403}4220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004305Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:33:00.670{C36AC009-242C-65EF-FA09-000000005403}1796C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004304Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:32:03.689{C36AC009-23F3-65EF-F909-000000005403}4600C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004303Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:32:02.939{C36AC009-23F2-65EF-F809-000000005403}4396C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004302Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:32:02.183{C36AC009-23F2-65EF-F709-000000005403}4144C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004301Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:32:01.417{C36AC009-23F1-65EF-F609-000000005403}3436C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004300Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:32:00.667{C36AC009-23F0-65EF-F509-000000005403}3056C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004299Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:31:03.624{C36AC009-23B7-65EF-F409-000000005403}4464C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004298Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:31:02.871{C36AC009-23B6-65EF-F309-000000005403}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004297Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:31:02.106{C36AC009-23B6-65EF-F209-000000005403}720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004296Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:31:01.415{C36AC009-23B5-65EF-F109-000000005403}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004295Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:31:00.662{C36AC009-23B4-65EF-F009-000000005403}2216C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004294Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:30:03.534{C36AC009-237B-65EF-EF09-000000005403}4308C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004293Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:30:02.784{C36AC009-237A-65EF-EE09-000000005403}4852C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004292Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:30:02.042{C36AC009-237A-65EF-ED09-000000005403}2668C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004291Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:30:01.417{C36AC009-2379-65EF-EC09-000000005403}1380C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004290Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:30:00.667{C36AC009-2378-65EF-EB09-000000005403}1124C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004289Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:29:10.795{C36AC009-2346-65EF-EA09-000000005403}216C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004288Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:29:10.755{C36AC009-2346-65EF-E909-000000005403}2460C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004287Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:29:10.719{C36AC009-2346-65EF-E809-000000005403}1096C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004286Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:29:10.654{C36AC009-2346-65EF-E609-000000005403}2156C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004285Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:29:03.696{C36AC009-233F-65EF-E509-000000005403}1088C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004284Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:29:02.942{C36AC009-233E-65EF-E409-000000005403}592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004283Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:29:02.192{C36AC009-233E-65EF-E309-000000005403}5092C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004282Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:29:01.422{C36AC009-233D-65EF-E209-000000005403}4328C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004281Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:29:00.668{C36AC009-233C-65EF-E109-000000005403}4548C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004280Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:28:03.534{C36AC009-2303-65EF-E009-000000005403}2268C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004279Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:28:02.919{C36AC009-2302-65EF-DF09-000000005403}3572C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004278Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:28:02.164{C36AC009-2302-65EF-DE09-000000005403}4848C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004277Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:28:01.414{C36AC009-2301-65EF-DD09-000000005403}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004276Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:28:00.659{C36AC009-2300-65EF-DC09-000000005403}1756C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004275Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:27:03.593{C36AC009-22C7-65EF-DB09-000000005403}2176C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004274Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:27:02.832{C36AC009-22C6-65EF-DA09-000000005403}4960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004273Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:27:02.082{C36AC009-22C6-65EF-D909-000000005403}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004272Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:27:01.410{C36AC009-22C5-65EF-D809-000000005403}4736C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004271Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:27:00.648{C36AC009-22C4-65EF-D709-000000005403}2388C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004270Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:26:03.590{C36AC009-228B-65EF-D609-000000005403}4640C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004269Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:26:02.840{C36AC009-228A-65EF-D509-000000005403}3740C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004268Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:26:02.084{C36AC009-228A-65EF-D409-000000005403}4428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004267Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:26:01.390{C36AC009-2289-65EF-D309-000000005403}4236C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004266Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:26:00.624{C36AC009-2288-65EF-D209-000000005403}4628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004265Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:25:03.534{C36AC009-224F-65EF-D109-000000005403}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004264Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:25:02.933{C36AC009-224E-65EF-D009-000000005403}4996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004263Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:25:02.160{C36AC009-224E-65EF-CF09-000000005403}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004262Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:25:01.395{C36AC009-224D-65EF-CE09-000000005403}4844C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004261Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:25:00.622{C36AC009-224C-65EF-CD09-000000005403}1984C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004259Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:24:10.786{C36AC009-221A-65EF-CC09-000000005403}4500C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004258Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:24:10.746{C36AC009-221A-65EF-CB09-000000005403}3356C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004257Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:24:10.710{C36AC009-221A-65EF-CA09-000000005403}2252C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004256Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:24:10.645{C36AC009-221A-65EF-C809-000000005403}380C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004255Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:24:03.555{C36AC009-2213-65EF-C709-000000005403}1948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004254Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:24:02.914{C36AC009-2212-65EF-C609-000000005403}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004253Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:24:02.149{C36AC009-2212-65EF-C509-000000005403}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004252Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:24:01.383{C36AC009-2211-65EF-C409-000000005403}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004251Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:24:00.619{C36AC009-2210-65EF-C309-000000005403}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004250Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:23:03.618{C36AC009-21D7-65EF-C209-000000005403}4624C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004249Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:23:02.860{C36AC009-21D6-65EF-C109-000000005403}3864C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004248Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:23:02.110{C36AC009-21D6-65EF-C009-000000005403}4676C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004247Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:23:01.368{C36AC009-21D5-65EF-BF09-000000005403}1380C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004246Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:23:00.618{C36AC009-21D4-65EF-BE09-000000005403}4524C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004245Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:22:03.654{C36AC009-219B-65EF-BD09-000000005403}3052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004244Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:22:02.887{C36AC009-219A-65EF-BC09-000000005403}3360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004243Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:22:02.129{C36AC009-219A-65EF-BB09-000000005403}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004242Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:22:01.379{C36AC009-2199-65EF-BA09-000000005403}3844C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004241Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:22:00.620{C36AC009-2198-65EF-B909-000000005403}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004240Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:21:03.646{C36AC009-215F-65EF-B809-000000005403}2936C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004239Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:21:02.893{C36AC009-215E-65EF-B709-000000005403}876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004238Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:21:02.128{C36AC009-215E-65EF-B609-000000005403}4136C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004237Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:21:01.368{C36AC009-215D-65EF-B509-000000005403}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004236Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:21:00.609{C36AC009-215C-65EF-B409-000000005403}4688C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004235Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:20:03.555{C36AC009-2123-65EF-B309-000000005403}5004C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004234Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:20:02.785{C36AC009-2122-65EF-B209-000000005403}3392C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004233Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:20:02.036{C36AC009-2122-65EF-B109-000000005403}1412C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004232Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:20:01.354{C36AC009-2121-65EF-B009-000000005403}4800C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004231Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:20:00.594{C36AC009-2120-65EF-AF09-000000005403}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004230Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:19:10.771{C36AC009-20EE-65EF-AE09-000000005403}3100C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004229Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:19:10.730{C36AC009-20EE-65EF-AD09-000000005403}380C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004228Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:19:10.695{C36AC009-20EE-65EF-AC09-000000005403}3860C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004227Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:19:10.630{C36AC009-20EE-65EF-AA09-000000005403}4548C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004226Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:19:03.549{C36AC009-20E7-65EF-A909-000000005403}4608C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004225Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:19:02.882{C36AC009-20E6-65EF-A809-000000005403}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004224Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:19:02.121{C36AC009-20E6-65EF-A709-000000005403}4772C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004223Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:19:01.361{C36AC009-20E5-65EF-A609-000000005403}1460C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004222Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:19:00.600{C36AC009-20E4-65EF-A509-000000005403}2976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004221Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:18:03.520{C36AC009-20AB-65EF-A409-000000005403}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004220Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:18:02.872{C36AC009-20AA-65EF-A309-000000005403}3696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004219Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:18:02.122{C36AC009-20AA-65EF-A209-000000005403}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004218Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:18:01.361{C36AC009-20A9-65EF-A109-000000005403}5020C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004217Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:18:00.589{C36AC009-20A8-65EF-A009-000000005403}1944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004216Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:17:03.625{C36AC009-206F-65EF-9F09-000000005403}3844C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004215Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:17:02.863{C36AC009-206E-65EF-9E09-000000005403}1576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004214Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:17:02.101{C36AC009-206E-65EF-9D09-000000005403}4540C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004213Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:17:01.339{C36AC009-206D-65EF-9C09-000000005403}4292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004212Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:17:00.577{C36AC009-206C-65EF-9B09-000000005403}1580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004211Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:16:03.606{C36AC009-2033-65EF-9A09-000000005403}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004210Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:16:02.840{C36AC009-2032-65EF-9909-000000005403}3372C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004209Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:16:02.078{C36AC009-2032-65EF-9809-000000005403}2192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004208Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:16:01.312{C36AC009-2031-65EF-9709-000000005403}2268C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004207Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:16:00.562{C36AC009-2030-65EF-9609-000000005403}3332C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004206Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:15:03.519{C36AC009-1FF7-65EF-9509-000000005403}4200C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004205Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:15:02.832{C36AC009-1FF6-65EF-9409-000000005403}840C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004204Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:15:02.056{C36AC009-1FF6-65EF-9309-000000005403}3416C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004203Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:15:01.309{C36AC009-1FF5-65EF-9209-000000005403}4380C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004202Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:15:00.543{C36AC009-1FF4-65EF-9109-000000005403}2196C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004201Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:14:10.754{C36AC009-1FC2-65EF-9009-000000005403}4652C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004200Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:14:10.713{C36AC009-1FC2-65EF-8F09-000000005403}1948C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004199Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:14:10.676{C36AC009-1FC2-65EF-8E09-000000005403}3236C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004198Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:14:10.613{C36AC009-1FC2-65EF-8C09-000000005403}4608C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004197Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:14:03.419{C36AC009-1FBB-65EF-8B09-000000005403}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004196Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:14:02.655{C36AC009-1FBA-65EF-8A09-000000005403}1956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004195Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:14:01.908{C36AC009-1FB9-65EF-8909-000000005403}2976C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004194Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:14:01.298{C36AC009-1FB9-65EF-8809-000000005403}2420C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004193Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:14:00.537{C36AC009-1FB8-65EF-8709-000000005403}4628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004192Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:13:03.528{C36AC009-1F7F-65EF-8609-000000005403}4900C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004191Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:13:02.764{C36AC009-1F7E-65EF-8509-000000005403}296C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004190Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:13:01.998{C36AC009-1F7D-65EF-8409-000000005403}5004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004189Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:13:01.296{C36AC009-1F7D-65EF-8309-000000005403}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004188Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:13:00.534{C36AC009-1F7C-65EF-8209-000000005403}2088C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004187Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:12:03.427{C36AC009-1F43-65EF-8109-000000005403}3100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004186Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:12:02.667{C36AC009-1F42-65EF-8009-000000005403}3524C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004185Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:12:01.906{C36AC009-1F41-65EF-7F09-000000005403}4196C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004184Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:12:01.281{C36AC009-1F41-65EF-7E09-000000005403}4652C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004183Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:12:00.532{C36AC009-1F40-65EF-7D09-000000005403}3188C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004181Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:11:03.556{C36AC009-1F07-65EF-7C09-000000005403}1952C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004180Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:11:02.806{C36AC009-1F06-65EF-7B09-000000005403}3668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004179Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:11:02.040{C36AC009-1F06-65EF-7A09-000000005403}4888C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004178Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:11:01.278{C36AC009-1F05-65EF-7909-000000005403}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004177Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:11:00.517{C36AC009-1F04-65EF-7809-000000005403}508C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004176Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:10:03.429{C36AC009-1ECB-65EF-7709-000000005403}4720C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004175Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:10:02.663{C36AC009-1ECA-65EF-7609-000000005403}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004174Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:10:01.913{C36AC009-1EC9-65EF-7509-000000005403}4552C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004173Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:10:01.256{C36AC009-1EC9-65EF-7409-000000005403}2980C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004172Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:10:00.504{C36AC009-1EC8-65EF-7309-000000005403}4356C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004171Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:09:10.731{C36AC009-1E96-65EF-7209-000000005403}1604C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004170Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:09:10.693{C36AC009-1E96-65EF-7109-000000005403}1064C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004169Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:09:10.657{C36AC009-1E96-65EF-7009-000000005403}3492C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004168Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:09:10.593{C36AC009-1E96-65EF-6E09-000000005403}3060C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004167Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:09:03.376{C36AC009-1E8F-65EF-6D09-000000005403}3740C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004166Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:09:02.765{C36AC009-1E8E-65EF-6C09-000000005403}2976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004165Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:09:02.000{C36AC009-1E8E-65EF-6B09-000000005403}1172C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004164Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:09:01.248{C36AC009-1E8D-65EF-6A09-000000005403}5112C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004163Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:09:00.497{C36AC009-1E8C-65EF-6909-000000005403}2476C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004162Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:08:03.461{C36AC009-1E53-65EF-6809-000000005403}5032C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004161Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:08:02.696{C36AC009-1E52-65EF-6709-000000005403}4740C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004160Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:08:01.946{C36AC009-1E51-65EF-6609-000000005403}3392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004159Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:08:01.270{C36AC009-1E51-65EF-6509-000000005403}3448C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004158Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:08:00.504{C36AC009-1E50-65EF-6409-000000005403}2300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004157Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:07:03.421{C36AC009-1E17-65EF-6309-000000005403}4808C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004156Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:07:02.778{C36AC009-1E16-65EF-6209-000000005403}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004155Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:07:02.010{C36AC009-1E16-65EF-6109-000000005403}4372C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004154Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:07:01.245{C36AC009-1E15-65EF-6009-000000005403}3608C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004153Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:07:00.493{C36AC009-1E14-65EF-5F09-000000005403}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004152Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:06:03.397{C36AC009-1DDB-65EF-5E09-000000005403}5008C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004151Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:06:02.726{C36AC009-1DDA-65EF-5D09-000000005403}300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004150Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:06:01.976{C36AC009-1DD9-65EF-5C09-000000005403}2448C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004149Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:06:01.237{C36AC009-1DD9-65EF-5B09-000000005403}4448C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004148Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:06:00.487{C36AC009-1DD8-65EF-5A09-000000005403}4232C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004147Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:05:03.379{C36AC009-1D9F-65EF-5909-000000005403}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004146Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:05:02.736{C36AC009-1D9E-65EF-5809-000000005403}3404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004145Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:05:01.979{C36AC009-1D9D-65EF-5709-000000005403}880C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004144Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:05:01.229{C36AC009-1D9D-65EF-5609-000000005403}4728C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004143Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:05:00.474{C36AC009-1D9C-65EF-5509-000000005403}3844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004142Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:04:10.730{C36AC009-1D6A-65EF-5409-000000005403}3592C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004141Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:04:10.691{C36AC009-1D6A-65EF-5309-000000005403}3492C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004140Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:04:10.655{C36AC009-1D6A-65EF-5209-000000005403}4192C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004139Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:04:10.590{C36AC009-1D6A-65EF-5009-000000005403}3220C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004138Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:04:03.465{C36AC009-1D63-65EF-4F09-000000005403}2996C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004137Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:04:02.699{C36AC009-1D62-65EF-4E09-000000005403}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004136Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:04:01.943{C36AC009-1D61-65EF-4D09-000000005403}3812C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004135Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:04:01.236{C36AC009-1D61-65EF-4C09-000000005403}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004134Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:04:00.470{C36AC009-1D60-65EF-4B09-000000005403}3368C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004133Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:03:03.311{C36AC009-1D27-65EF-4A09-000000005403}4916C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004132Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:03:02.560{C36AC009-1D26-65EF-4909-000000005403}3772C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004131Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:03:01.812{C36AC009-1D25-65EF-4809-000000005403}2080C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004130Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:03:01.213{C36AC009-1D25-65EF-4709-000000005403}4800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004129Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:03:00.459{C36AC009-1D24-65EF-4609-000000005403}4704C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004128Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:02:03.337{C36AC009-1CEB-65EF-4509-000000005403}4752C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004127Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:02:02.571{C36AC009-1CEA-65EF-4409-000000005403}2328C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004126Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:02:01.827{C36AC009-1CE9-65EF-4309-000000005403}4416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004125Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:02:01.202{C36AC009-1CE9-65EF-4209-000000005403}1360C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004124Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:02:00.446{C36AC009-1CE8-65EF-4109-000000005403}360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004123Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:01:03.471{C36AC009-1CAF-65EF-4009-000000005403}1140C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004122Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:01:02.699{C36AC009-1CAE-65EF-3F09-000000005403}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004121Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:01:01.943{C36AC009-1CAD-65EF-3E09-000000005403}4688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004120Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:01:01.187{C36AC009-1CAD-65EF-3D09-000000005403}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004119Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:01:00.431{C36AC009-1CAC-65EF-3C09-000000005403}2268C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004118Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:00:03.333{C36AC009-1C73-65EF-3B09-000000005403}3416C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004117Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:00:02.577{C36AC009-1C72-65EF-3A09-000000005403}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004116Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:00:01.821{C36AC009-1C71-65EF-3909-000000005403}2888C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004115Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:00:01.176{C36AC009-1C71-65EF-3809-000000005403}5116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004114Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 15:00:00.426{C36AC009-1C70-65EF-3709-000000005403}1964C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004113Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:59:10.711{C36AC009-1C3E-65EF-3609-000000005403}4216C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004112Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:59:10.672{C36AC009-1C3E-65EF-3509-000000005403}4372C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004111Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:59:10.636{C36AC009-1C3E-65EF-3409-000000005403}4276C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004110Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:59:10.572{C36AC009-1C3E-65EF-3209-000000005403}3712C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004109Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:59:03.348{C36AC009-1C37-65EF-3109-000000005403}4588C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004108Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:59:02.598{C36AC009-1C36-65EF-3009-000000005403}4456C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004107Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:59:01.837{C36AC009-1C35-65EF-2F09-000000005403}528C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004106Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:59:01.181{C36AC009-1C35-65EF-2E09-000000005403}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004105Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:59:00.425{C36AC009-1C34-65EF-2D09-000000005403}2996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004104Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:58:03.399{C36AC009-1BFB-65EF-2C09-000000005403}2896C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004103Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:58:02.647{C36AC009-1BFA-65EF-2B09-000000005403}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004102Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:58:01.954{C36AC009-1BF9-65EF-2A09-000000005403}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004101Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:58:01.196{C36AC009-1BF9-65EF-2909-000000005403}4740C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004100Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:58:00.439{C36AC009-1BF8-65EF-2809-000000005403}3772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004099Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:57:03.350{C36AC009-1BBF-65EF-2709-000000005403}4568C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004098Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:57:02.592{C36AC009-1BBE-65EF-2609-000000005403}4548C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004097Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:57:01.834{C36AC009-1BBD-65EF-2509-000000005403}2328C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004096Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:57:01.193{C36AC009-1BBD-65EF-2409-000000005403}3624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004095Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:57:00.427{C36AC009-1BBC-65EF-2309-000000005403}4716C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004094Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:56:03.283{C36AC009-1B83-65EF-2209-000000005403}976C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004093Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:56:02.658{C36AC009-1B82-65EF-2109-000000005403}3368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004092Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:56:01.937{C36AC009-1B81-65EF-2009-000000005403}1820C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004091Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:56:01.187{C36AC009-1B81-65EF-1F09-000000005403}5076C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004090Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:56:00.437{C36AC009-1B80-65EF-1E09-000000005403}2728C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004089Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:55:03.377{C36AC009-1B47-65EF-1D09-000000005403}4704C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004088Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:55:02.618{C36AC009-1B46-65EF-1C09-000000005403}4576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004087Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:55:01.858{C36AC009-1B45-65EF-1B09-000000005403}3568C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004086Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:55:01.186{C36AC009-1B45-65EF-1A09-000000005403}2888C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004085Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:55:00.427{C36AC009-1B44-65EF-1909-000000005403}2388C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004084Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:54:10.700{C36AC009-1B12-65EF-1809-000000005403}4940C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004083Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:54:10.660{C36AC009-1B12-65EF-1709-000000005403}4884C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004082Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:54:10.625{C36AC009-1B12-65EF-1609-000000005403}3104C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004081Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:54:10.560{C36AC009-1B12-65EF-1409-000000005403}3516C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004080Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:54:03.295{C36AC009-1B0B-65EF-1309-000000005403}1540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004079Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:54:02.685{C36AC009-1B0A-65EF-1209-000000005403}1948C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004078Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:54:01.935{C36AC009-1B09-65EF-1109-000000005403}2216C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004077Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:54:01.180{C36AC009-1B09-65EF-1009-000000005403}3628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004076Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:54:00.430{C36AC009-1B08-65EF-0F09-000000005403}4228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004075Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:53:03.413{C36AC009-1ACF-65EF-0E09-000000005403}4468C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004074Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:53:02.652{C36AC009-1ACE-65EF-0D09-000000005403}1036C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004073Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:53:01.882{C36AC009-1ACD-65EF-0C09-000000005403}5064C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004072Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:53:01.188{C36AC009-1ACD-65EF-0B09-000000005403}2456C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004071Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:53:00.427{C36AC009-1ACC-65EF-0A09-000000005403}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004070Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:52:03.402{C36AC009-1A93-65EF-0909-000000005403}2272C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004069Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:52:02.652{C36AC009-1A92-65EF-0809-000000005403}4284C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004068Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:52:01.880{C36AC009-1A91-65EF-0709-000000005403}4568C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004067Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:52:01.177{C36AC009-1A91-65EF-0609-000000005403}4548C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004066Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:52:00.427{C36AC009-1A90-65EF-0509-000000005403}3264C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004065Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:51:03.400{C36AC009-1A57-65EF-0409-000000005403}3988C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004064Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:51:02.685{C36AC009-1A56-65EF-0309-000000005403}3740C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004063Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:51:01.935{C36AC009-1A55-65EF-0209-000000005403}4440C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004062Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:51:01.174{C36AC009-1A55-65EF-0109-000000005403}4948C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004061Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:51:00.412{C36AC009-1A54-65EF-0009-000000005403}4492C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004060Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:50:03.436{C36AC009-1A1B-65EF-FF08-000000005403}3408C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004059Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:50:02.671{C36AC009-1A1A-65EF-FE08-000000005403}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004058Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:50:01.908{C36AC009-1A19-65EF-FD08-000000005403}3396C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004057Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:50:01.146{C36AC009-1A19-65EF-FC08-000000005403}2176C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004056Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:50:00.400{C36AC009-1A18-65EF-FB08-000000005403}4920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004055Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:49:10.698{C36AC009-19E6-65EF-FA08-000000005403}4196C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004054Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:49:10.659{C36AC009-19E6-65EF-F908-000000005403}436C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004053Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:49:10.623{C36AC009-19E6-65EF-F808-000000005403}2328C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004052Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:49:10.557{C36AC009-19E6-65EF-F608-000000005403}4716C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004051Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:49:03.520{C36AC009-19DF-65EF-F508-000000005403}5036C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004050Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:49:02.754{C36AC009-19DE-65EF-F408-000000005403}4504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004049Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:49:01.989{C36AC009-19DD-65EF-F308-000000005403}4752C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004048Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:49:01.228{C36AC009-19DD-65EF-F208-000000005403}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004047Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:49:00.478{C36AC009-19DC-65EF-F108-000000005403}4672C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004045Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:48:03.332{C36AC009-19A3-65EF-F008-000000005403}5008C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004044Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:48:02.566{C36AC009-19A2-65EF-EF08-000000005403}4788C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004043Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:48:01.821{C36AC009-19A1-65EF-EE08-000000005403}664C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004042Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:48:01.233{C36AC009-19A1-65EF-ED08-000000005403}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004041Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:48:00.483{C36AC009-19A0-65EF-EC08-000000005403}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004040Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:47:03.346{C36AC009-1967-65EF-EB08-000000005403}592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004039Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:47:02.581{C36AC009-1966-65EF-EA08-000000005403}3572C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004038Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:47:01.817{C36AC009-1965-65EF-E908-000000005403}5012C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004037Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:47:01.223{C36AC009-1965-65EF-E808-000000005403}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004036Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:47:00.473{C36AC009-1964-65EF-E708-000000005403}2724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004035Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:46:03.390{C36AC009-192B-65EF-E608-000000005403}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004034Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:46:02.624{C36AC009-192A-65EF-E508-000000005403}3060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004033Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:46:01.860{C36AC009-1929-65EF-E408-000000005403}3260C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004032Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:46:01.204{C36AC009-1929-65EF-E308-000000005403}2732C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004031Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:46:00.454{C36AC009-1928-65EF-E208-000000005403}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004030Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:45:03.447{C36AC009-18EF-65EF-E108-000000005403}1124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004029Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:45:02.697{C36AC009-18EE-65EF-E008-000000005403}3484C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004028Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:45:01.947{C36AC009-18ED-65EF-DF08-000000005403}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004027Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:45:01.197{C36AC009-18ED-65EF-DE08-000000005403}1412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004026Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:45:00.447{C36AC009-18EC-65EF-DD08-000000005403}4600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004025Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:44:10.692{C36AC009-18BA-65EF-DC08-000000005403}3004C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004024Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:44:10.652{C36AC009-18BA-65EF-DB08-000000005403}4744C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004023Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:44:10.616{C36AC009-18BA-65EF-DA08-000000005403}764C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004022Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:44:10.550{C36AC009-18BA-65EF-D808-000000005403}3100C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000004021Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:44:03.466{C36AC009-18B3-65EF-D708-000000005403}4112C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004020Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:44:02.700{C36AC009-18B2-65EF-D608-000000005403}4476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004019Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:44:01.950{C36AC009-18B1-65EF-D508-000000005403}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004018Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:44:01.200{C36AC009-18B1-65EF-D408-000000005403}4868C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004017Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:44:00.450{C36AC009-18B0-65EF-D308-000000005403}4424C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004016Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:43:03.431{C36AC009-1877-65EF-D208-000000005403}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004015Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:43:02.681{C36AC009-1876-65EF-D108-000000005403}4256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004014Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:43:01.915{C36AC009-1875-65EF-D008-000000005403}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004013Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:43:01.211{C36AC009-1875-65EF-CF08-000000005403}4148C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004012Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:43:00.445{C36AC009-1874-65EF-CE08-000000005403}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004011Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:42:03.313{C36AC009-183B-65EF-CD08-000000005403}4948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004010Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:42:02.718{C36AC009-183A-65EF-CC08-000000005403}1236C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004009Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:42:01.966{C36AC009-1839-65EF-CB08-000000005403}3784C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004008Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:42:01.201{C36AC009-1839-65EF-CA08-000000005403}3868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004007Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:42:00.449{C36AC009-1838-65EF-C908-000000005403}4560C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004006Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:41:03.423{C36AC009-17FF-65EF-C808-000000005403}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004005Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:41:02.704{C36AC009-17FE-65EF-C708-000000005403}364C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004004Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:41:01.951{C36AC009-17FD-65EF-C608-000000005403}3448C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004003Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:41:01.199{C36AC009-17FD-65EF-C508-000000005403}5068C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004002Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:41:00.449{C36AC009-17FC-65EF-C408-000000005403}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004001Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:40:03.378{C36AC009-17C3-65EF-C308-000000005403}3452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004000Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:40:02.719{C36AC009-17C2-65EF-C208-000000005403}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003999Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:40:01.966{C36AC009-17C1-65EF-C108-000000005403}4420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003998Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:40:01.200{C36AC009-17C1-65EF-C008-000000005403}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003997Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:40:00.447{C36AC009-17C0-65EF-BF08-000000005403}5064C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003996Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:39:10.692{C36AC009-178E-65EF-BE08-000000005403}1996C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003995Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:39:10.652{C36AC009-178E-65EF-BD08-000000005403}3404C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003994Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:39:10.616{C36AC009-178E-65EF-BC08-000000005403}1336C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003993Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:39:10.552{C36AC009-178E-65EF-BA08-000000005403}4560C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003992Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:39:03.359{C36AC009-1787-65EF-B908-000000005403}3292C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003991Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:39:02.605{C36AC009-1786-65EF-B808-000000005403}4284C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003990Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:39:01.840{C36AC009-1785-65EF-B708-000000005403}3768C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003989Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:39:01.197{C36AC009-1785-65EF-B608-000000005403}3192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003988Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:39:00.442{C36AC009-1784-65EF-B508-000000005403}92C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003987Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:38:02.911{C36AC009-174A-65EF-B408-000000005403}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003986Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:38:02.286{C36AC009-174A-65EF-B308-000000005403}1540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003985Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:38:01.661{C36AC009-1749-65EF-B208-000000005403}3988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003984Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:38:01.033{C36AC009-1749-65EF-B108-000000005403}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003983Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:38:00.434{C36AC009-1748-65EF-B008-000000005403}1116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003982Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:37:03.438{C36AC009-170F-65EF-AF08-000000005403}2184C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003981Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:37:02.672{C36AC009-170E-65EF-AE08-000000005403}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003980Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:37:01.933{C36AC009-170D-65EF-AD08-000000005403}216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003979Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:37:01.178{C36AC009-170D-65EF-AC08-000000005403}4512C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003978Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:37:00.428{C36AC009-170C-65EF-AB08-000000005403}4852C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003977Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:36:03.441{C36AC009-16D3-65EF-AA08-000000005403}1176C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003976Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:36:02.681{C36AC009-16D2-65EF-A908-000000005403}4408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003975Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:36:01.931{C36AC009-16D1-65EF-A808-000000005403}4396C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003974Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:36:01.181{C36AC009-16D1-65EF-A708-000000005403}4356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003973Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:36:00.421{C36AC009-16D0-65EF-A608-000000005403}3584C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003972Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:35:03.438{C36AC009-1697-65EF-A508-000000005403}972C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003971Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:35:02.683{C36AC009-1696-65EF-A408-000000005403}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003970Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:35:01.917{C36AC009-1695-65EF-A308-000000005403}4220C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003969Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:35:01.161{C36AC009-1695-65EF-A208-000000005403}3452C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003968Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:35:00.406{C36AC009-1694-65EF-A108-000000005403}4788C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003967Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:34:10.681{C36AC009-1662-65EF-A008-000000005403}1972C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003966Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:34:10.642{C36AC009-1662-65EF-9F08-000000005403}2156C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003965Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:34:10.606{C36AC009-1662-65EF-9E08-000000005403}4736C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003964Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:34:10.541{C36AC009-1662-65EF-9C08-000000005403}4524C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003963Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:34:03.365{C36AC009-165B-65EF-9B08-000000005403}892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003962Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:34:02.677{C36AC009-165A-65EF-9A08-000000005403}3600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003961Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:34:01.905{C36AC009-1659-65EF-9908-000000005403}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003960Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:34:01.149{C36AC009-1659-65EF-9808-000000005403}4188C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003959Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:34:00.399{C36AC009-1658-65EF-9708-000000005403}4812C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003958Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:33:03.376{C36AC009-161F-65EF-9608-000000005403}2668C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003957Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:33:02.672{C36AC009-161E-65EF-9508-000000005403}1488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003956Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:33:01.915{C36AC009-161D-65EF-9408-000000005403}5020C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003955Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:33:01.142{C36AC009-161D-65EF-9308-000000005403}5072C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003954Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:33:00.392{C36AC009-161C-65EF-9208-000000005403}2216C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003953Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:32:03.258{C36AC009-15E3-65EF-9108-000000005403}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003952Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:32:02.644{C36AC009-15E2-65EF-9008-000000005403}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003951Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:32:01.894{C36AC009-15E1-65EF-8F08-000000005403}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003950Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:32:01.151{C36AC009-15E1-65EF-8E08-000000005403}2808C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003949Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:32:00.378{C36AC009-15E0-65EF-8D08-000000005403}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003948Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:31:03.433{C36AC009-15A7-65EF-8C08-000000005403}4828C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003947Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:31:02.657{C36AC009-15A6-65EF-8B08-000000005403}2632C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003946Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:31:01.894{C36AC009-15A5-65EF-8A08-000000005403}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003945Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:31:01.123{C36AC009-15A5-65EF-8908-000000005403}380C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003944Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:31:00.357{C36AC009-15A4-65EF-8808-000000005403}768C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003943Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:30:03.282{C36AC009-156B-65EF-8708-000000005403}5084C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003942Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:30:02.594{C36AC009-156A-65EF-8608-000000005403}1120C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003941Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:30:01.842{C36AC009-1569-65EF-8508-000000005403}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003940Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:30:01.097{C36AC009-1569-65EF-8408-000000005403}2976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003939Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:30:00.342{C36AC009-1568-65EF-8308-000000005403}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003938Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:29:10.678{C36AC009-1536-65EF-8208-000000005403}2088C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003937Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:29:10.639{C36AC009-1536-65EF-8108-000000005403}1984C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003936Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:29:10.602{C36AC009-1536-65EF-8008-000000005403}3588C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003935Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:29:10.537{C36AC009-1536-65EF-7E08-000000005403}4916C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003934Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:29:03.219{C36AC009-152F-65EF-7D08-000000005403}5080C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003933Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:29:02.469{C36AC009-152E-65EF-7C08-000000005403}2676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003932Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:29:01.719{C36AC009-152D-65EF-7B08-000000005403}4920C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003931Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:29:01.105{C36AC009-152D-65EF-7A08-000000005403}5116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003930Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:29:00.340{C36AC009-152C-65EF-7908-000000005403}2156C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003929Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:28:03.340{C36AC009-14F3-65EF-7808-000000005403}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003928Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:28:02.575{C36AC009-14F2-65EF-7708-000000005403}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003927Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:28:01.840{C36AC009-14F1-65EF-7608-000000005403}4240C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003926Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:28:01.081{C36AC009-14F1-65EF-7508-000000005403}3060C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003925Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:28:00.336{C36AC009-14F0-65EF-7408-000000005403}4772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003924Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:27:03.268{C36AC009-14B7-65EF-7308-000000005403}1000C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003923Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:27:02.513{C36AC009-14B6-65EF-7208-000000005403}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003922Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:27:01.763{C36AC009-14B5-65EF-7108-000000005403}4632C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003921Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:27:01.090{C36AC009-14B5-65EF-7008-000000005403}5092C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003920Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:27:00.330{C36AC009-14B4-65EF-6F08-000000005403}4844C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003919Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:26:03.235{C36AC009-147B-65EF-6E08-000000005403}592C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003918Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:26:02.610{C36AC009-147A-65EF-6D08-000000005403}4912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003917Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:26:01.849{C36AC009-1479-65EF-6C08-000000005403}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003916Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:26:01.103{C36AC009-1479-65EF-6B08-000000005403}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003915Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:26:00.337{C36AC009-1478-65EF-6A08-000000005403}3960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003913Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:25:03.362{C36AC009-143F-65EF-6908-000000005403}3372C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003912Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:25:02.589{C36AC009-143E-65EF-6808-000000005403}4980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003911Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:25:01.839{C36AC009-143D-65EF-6708-000000005403}300C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003910Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:25:01.089{C36AC009-143D-65EF-6608-000000005403}2448C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003909Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:25:00.327{C36AC009-143C-65EF-6508-000000005403}1124C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003907Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:24:10.663{C36AC009-140A-65EF-6408-000000005403}4388C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003906Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:24:10.624{C36AC009-140A-65EF-6308-000000005403}4188C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003905Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:24:10.588{C36AC009-140A-65EF-6208-000000005403}1116C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003904Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:24:10.524{C36AC009-140A-65EF-6008-000000005403}4620C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003903Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:24:03.292{C36AC009-1403-65EF-5F08-000000005403}1868C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003902Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:24:02.604{C36AC009-1402-65EF-5E08-000000005403}3744C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003901Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:24:01.841{C36AC009-1401-65EF-5D08-000000005403}1004C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003900Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:24:01.076{C36AC009-1401-65EF-5C08-000000005403}4216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003899Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:24:00.313{C36AC009-1400-65EF-5B08-000000005403}696C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003898Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:23:03.277{C36AC009-13C7-65EF-5A08-000000005403}2476C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003897Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:23:02.514{C36AC009-13C6-65EF-5908-000000005403}1376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003896Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:23:01.764{C36AC009-13C5-65EF-5808-000000005403}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003895Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:23:01.079{C36AC009-13C5-65EF-5708-000000005403}4148C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003894Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:23:00.315{C36AC009-13C4-65EF-5608-000000005403}5008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003893Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:22:03.227{C36AC009-138B-65EF-5508-000000005403}2908C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003892Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:22:02.572{C36AC009-138A-65EF-5408-000000005403}1096C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003891Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:22:01.808{C36AC009-1389-65EF-5308-000000005403}1116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003890Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:22:01.058{C36AC009-1389-65EF-5208-000000005403}5000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003889Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:22:00.294{C36AC009-1388-65EF-5108-000000005403}3572C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003888Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:21:03.250{C36AC009-134F-65EF-5008-000000005403}4688C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003887Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:21:02.485{C36AC009-134E-65EF-4F08-000000005403}3436C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003886Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:21:01.721{C36AC009-134D-65EF-4E08-000000005403}3260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003885Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:21:01.033{C36AC009-134D-65EF-4D08-000000005403}2940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003884Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:21:00.268{C36AC009-134C-65EF-4C08-000000005403}3972C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003882Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:20:03.223{C36AC009-1313-65EF-4B08-000000005403}2100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003881Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:20:02.474{C36AC009-1312-65EF-4A08-000000005403}4740C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003880Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:20:01.724{C36AC009-1311-65EF-4908-000000005403}2040C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003879Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:20:01.021{C36AC009-1311-65EF-4808-000000005403}4720C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003878Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:20:00.257{C36AC009-1310-65EF-4708-000000005403}2676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003877Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:19:10.654{C36AC009-12DE-65EF-4608-000000005403}604C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003876Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:19:10.614{C36AC009-12DE-65EF-4508-000000005403}1604C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003875Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:19:10.577{C36AC009-12DE-65EF-4408-000000005403}4940C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003874Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:19:10.512{C36AC009-12DE-65EF-4208-000000005403}696C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003873Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:19:03.198{C36AC009-12D7-65EF-4108-000000005403}4888C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003872Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:19:02.433{C36AC009-12D6-65EF-4008-000000005403}2820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003871Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:19:01.668{C36AC009-12D5-65EF-3F08-000000005403}3148C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003870Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:19:01.011{C36AC009-12D5-65EF-3E08-000000005403}4688C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003869Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:19:00.246{C36AC009-12D4-65EF-3D08-000000005403}1484C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003868Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:18:03.173{C36AC009-129B-65EF-3C08-000000005403}524C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003867Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:18:02.516{C36AC009-129A-65EF-3B08-000000005403}4428C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003866Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:18:01.766{C36AC009-1299-65EF-3A08-000000005403}4532C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003865Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:18:01.000{C36AC009-1299-65EF-3908-000000005403}2100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003864Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:18:00.234{C36AC009-1298-65EF-3808-000000005403}4584C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003863Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:17:03.225{C36AC009-125F-65EF-3708-000000005403}604C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003862Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:17:02.475{C36AC009-125E-65EF-3608-000000005403}2392C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003861Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:17:01.725{C36AC009-125D-65EF-3508-000000005403}3452C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003860Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:17:00.992{C36AC009-125C-65EF-3408-000000005403}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003859Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:17:00.242{C36AC009-125C-65EF-3308-000000005403}4868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003858Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:16:03.271{C36AC009-1223-65EF-3208-000000005403}972C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003857Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:16:02.521{C36AC009-1222-65EF-3108-000000005403}2352C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003856Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:16:01.767{C36AC009-1221-65EF-3008-000000005403}136C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003855Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:16:01.001{C36AC009-1221-65EF-2F08-000000005403}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003854Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:16:00.236{C36AC009-1220-65EF-2E08-000000005403}1476C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003853Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:15:03.245{C36AC009-11E7-65EF-2D08-000000005403}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003852Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:15:02.508{C36AC009-11E6-65EF-2C08-000000005403}1116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003851Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:15:01.743{C36AC009-11E5-65EF-2B08-000000005403}4984C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003850Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:15:01.005{C36AC009-11E5-65EF-2A08-000000005403}3360C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003849Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:15:00.240{C36AC009-11E4-65EF-2908-000000005403}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003847Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:14:10.646{C36AC009-11B2-65EF-2808-000000005403}372C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003846Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:14:10.606{C36AC009-11B2-65EF-2708-000000005403}4432C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003845Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:14:10.570{C36AC009-11B2-65EF-2608-000000005403}5072C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003844Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:14:10.505{C36AC009-11B2-65EF-2408-000000005403}5012C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003843Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:14:03.278{C36AC009-11AB-65EF-2308-000000005403}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003842Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:14:02.513{C36AC009-11AA-65EF-2208-000000005403}1380C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003841Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:14:01.763{C36AC009-11A9-65EF-2108-000000005403}4256C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003840Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:14:01.006{C36AC009-11A9-65EF-2008-000000005403}3776C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003839Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:14:00.241{C36AC009-11A8-65EF-1F08-000000005403}4872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003838Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:13:03.261{C36AC009-116F-65EF-1E08-000000005403}4856C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003837Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:13:02.507{C36AC009-116E-65EF-1D08-000000005403}4952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003836Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:13:01.742{C36AC009-116D-65EF-1C08-000000005403}4140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003835Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:13:00.988{C36AC009-116C-65EF-1B08-000000005403}4188C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003834Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:13:00.234{C36AC009-116C-65EF-1A08-000000005403}4892C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003833Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:12:03.230{C36AC009-1133-65EF-1908-000000005403}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003832Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:12:02.473{C36AC009-1132-65EF-1808-000000005403}5084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003831Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:12:01.707{C36AC009-1131-65EF-1708-000000005403}4240C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003830Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:12:00.973{C36AC009-1130-65EF-1608-000000005403}5072C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003829Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:12:00.215{C36AC009-1130-65EF-1508-000000005403}4720C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003828Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:11:03.250{C36AC009-10F7-65EF-1408-000000005403}1984C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003827Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:11:02.480{C36AC009-10F6-65EF-1308-000000005403}3712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003826Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:11:01.726{C36AC009-10F5-65EF-1208-000000005403}3392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003825Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:11:00.971{C36AC009-10F4-65EF-1108-000000005403}4916C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003824Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:11:00.221{C36AC009-10F4-65EF-1008-000000005403}484C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003823Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:10:03.147{C36AC009-10BB-65EF-0F08-000000005403}4500C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003822Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:10:02.396{C36AC009-10BA-65EF-0E08-000000005403}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003821Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:10:01.631{C36AC009-10B9-65EF-0D08-000000005403}4292C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003820Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:10:00.959{C36AC009-10B8-65EF-0C08-000000005403}3160C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003819Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:10:00.198{C36AC009-10B8-65EF-0B08-000000005403}696C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003818Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:09:10.645{C36AC009-1086-65EF-0A08-000000005403}1172C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003817Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:09:10.605{C36AC009-1086-65EF-0908-000000005403}3972C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003816Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:09:10.569{C36AC009-1086-65EF-0808-000000005403}3104C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003815Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:09:10.504{C36AC009-1086-65EF-0608-000000005403}436C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003814Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:09:03.050{C36AC009-107F-65EF-0508-000000005403}4480C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003813Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:09:02.296{C36AC009-107E-65EF-0408-000000005403}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003812Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:09:01.533{C36AC009-107D-65EF-0308-000000005403}1036C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003811Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:09:00.939{C36AC009-107C-65EF-0208-000000005403}1476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003810Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:09:00.189{C36AC009-107C-65EF-0108-000000005403}4104C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003809Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:08:03.170{C36AC009-1043-65EF-0008-000000005403}4620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003808Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:08:02.428{C36AC009-1042-65EF-FF07-000000005403}3544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003807Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:08:01.671{C36AC009-1041-65EF-FE07-000000005403}4512C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003806Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:08:00.921{C36AC009-1040-65EF-FD07-000000005403}592C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003805Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:08:00.170{C36AC009-1040-65EF-FC07-000000005403}604C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003804Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:07:03.175{C36AC009-1007-65EF-FB07-000000005403}2156C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003803Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:07:02.418{C36AC009-1006-65EF-FA07-000000005403}2240C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003802Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:07:01.668{C36AC009-1005-65EF-F907-000000005403}3008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003801Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:07:00.926{C36AC009-1004-65EF-F807-000000005403}4148C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003800Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:07:00.169{C36AC009-1004-65EF-F707-000000005403}3440C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003799Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:06:03.181{C36AC009-0FCB-65EF-F607-000000005403}4928C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003798Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:06:02.431{C36AC009-0FCA-65EF-F507-000000005403}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003797Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:06:01.681{C36AC009-0FC9-65EF-F407-000000005403}2236C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003796Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:06:00.923{C36AC009-0FC8-65EF-F307-000000005403}3656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003795Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:06:00.165{C36AC009-0FC8-65EF-F207-000000005403}4212C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003794Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:05:03.036{C36AC009-0F8F-65EF-F107-000000005403}4540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003793Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:05:02.434{C36AC009-0F8E-65EF-F007-000000005403}3684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003792Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:05:01.675{C36AC009-0F8D-65EF-EF07-000000005403}1096C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003791Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:05:00.901{C36AC009-0F8C-65EF-EE07-000000005403}2420C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003790Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:05:00.158{C36AC009-0F8C-65EF-ED07-000000005403}2980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003789Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:04:10.631{C36AC009-0F5A-65EF-EC07-000000005403}3184C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003788Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:04:10.591{C36AC009-0F5A-65EF-EB07-000000005403}4900C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003787Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:04:10.554{C36AC009-0F5A-65EF-EA07-000000005403}3040C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003786Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:04:10.489{C36AC009-0F5A-65EF-E807-000000005403}4960C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003785Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:04:03.075{C36AC009-0F53-65EF-E707-000000005403}4584C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003784Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:04:02.309{C36AC009-0F52-65EF-E607-000000005403}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003783Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:04:01.558{C36AC009-0F51-65EF-E507-000000005403}2104C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003782Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:04:00.893{C36AC009-0F50-65EF-E407-000000005403}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003781Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:04:00.143{C36AC009-0F50-65EF-E307-000000005403}2124C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003780Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:03:03.018{C36AC009-0F17-65EF-E207-000000005403}4868C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003779Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:03:02.430{C36AC009-0F16-65EF-E107-000000005403}696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003778Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:03:01.680{C36AC009-0F15-65EF-E007-000000005403}4824C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003777Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:03:00.912{C36AC009-0F14-65EF-DF07-000000005403}4192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003776Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:03:00.138{C36AC009-0F14-65EF-DE07-000000005403}504C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003775Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:02:03.150{C36AC009-0EDB-65EF-DD07-000000005403}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003774Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:02:02.385{C36AC009-0EDA-65EF-DC07-000000005403}368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003773Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:02:01.619{C36AC009-0ED9-65EF-DB07-000000005403}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003772Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:02:00.896{C36AC009-0ED8-65EF-DA07-000000005403}2088C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003771Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:02:00.130{C36AC009-0ED8-65EF-D907-000000005403}2344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003770Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:01:03.178{C36AC009-0E9F-65EF-D807-000000005403}3572C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003769Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:01:02.417{C36AC009-0E9E-65EF-D707-000000005403}2736C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003768Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:01:01.657{C36AC009-0E9D-65EF-D607-000000005403}4332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003767Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:01:00.891{C36AC009-0E9C-65EF-D507-000000005403}5040C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003766Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:01:00.130{C36AC009-0E9C-65EF-D407-000000005403}2520C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003765Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:00:03.147{C36AC009-0E63-65EF-D307-000000005403}4504C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003764Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:00:02.397{C36AC009-0E62-65EF-D207-000000005403}4672C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003763Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:00:01.647{C36AC009-0E61-65EF-D107-000000005403}2912C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003762Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:00:00.890{C36AC009-0E60-65EF-D007-000000005403}1868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003761Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 14:00:00.124{C36AC009-0E60-65EF-CF07-000000005403}4256C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003760Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:59:10.625{C36AC009-0E2E-65EF-CE07-000000005403}880C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003759Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:59:10.584{C36AC009-0E2E-65EF-CD07-000000005403}4916C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003758Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:59:10.547{C36AC009-0E2E-65EF-CC07-000000005403}484C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003757Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:59:10.482{C36AC009-0E2E-65EF-CA07-000000005403}4844C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003756Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:59:03.150{C36AC009-0E27-65EF-C907-000000005403}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003755Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:59:02.388{C36AC009-0E26-65EF-C807-000000005403}2984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003754Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:59:01.638{C36AC009-0E25-65EF-C707-000000005403}4736C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003753Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:59:00.876{C36AC009-0E24-65EF-C607-000000005403}4456C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003752Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:59:00.114{C36AC009-0E24-65EF-C507-000000005403}4336C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003750Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:58:03.150{C36AC009-0DEB-65EF-C407-000000005403}856C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003749Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:58:02.387{C36AC009-0DEA-65EF-C307-000000005403}4752C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003748Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:58:01.624{C36AC009-0DE9-65EF-C207-000000005403}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003747Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:58:00.859{C36AC009-0DE8-65EF-C107-000000005403}3988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003746Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:58:00.096{C36AC009-0DE8-65EF-C007-000000005403}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003744Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:57:03.084{C36AC009-0DAF-65EF-BF07-000000005403}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003743Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:57:02.395{C36AC009-0DAE-65EF-BE07-000000005403}3032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003742Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:57:01.630{C36AC009-0DAD-65EF-BD07-000000005403}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003741Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:57:00.866{C36AC009-0DAC-65EF-BC07-000000005403}2668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003740Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:57:00.103{C36AC009-0DAC-65EF-BB07-000000005403}2388C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003739Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:56:03.071{C36AC009-0D73-65EF-BA07-000000005403}4396C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003738Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:56:02.310{C36AC009-0D72-65EF-B907-000000005403}4848C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003737Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:56:01.560{C36AC009-0D71-65EF-B807-000000005403}3132C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003736Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:56:00.845{C36AC009-0D70-65EF-B707-000000005403}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003735Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:56:00.095{C36AC009-0D70-65EF-B607-000000005403}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003734Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:55:03.042{C36AC009-0D37-65EF-B507-000000005403}4256C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003733Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:55:02.387{C36AC009-0D36-65EF-B407-000000005403}2192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003732Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:55:01.623{C36AC009-0D35-65EF-B307-000000005403}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003731Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:55:00.858{C36AC009-0D34-65EF-B207-000000005403}5008C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003730Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:55:00.093{C36AC009-0D34-65EF-B107-000000005403}348C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003729Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:54:10.624{C36AC009-0D02-65EF-B007-000000005403}2104C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003728Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:54:10.584{C36AC009-0D02-65EF-AF07-000000005403}4856C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003727Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:54:10.548{C36AC009-0D02-65EF-AE07-000000005403}3396C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003726Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:54:10.483{C36AC009-0D02-65EF-AC07-000000005403}212C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003725Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:54:03.127{C36AC009-0CFB-65EF-AB07-000000005403}2084C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003724Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:54:02.361{C36AC009-0CFA-65EF-AA07-000000005403}3228C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003723Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:54:01.603{C36AC009-0CF9-65EF-A907-000000005403}892C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003722Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:54:00.853{C36AC009-0CF8-65EF-A807-000000005403}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003721Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:54:00.087{C36AC009-0CF8-65EF-A707-000000005403}3544C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003720Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:53:02.971{C36AC009-0CBE-65EF-A607-000000005403}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003719Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:53:02.354{C36AC009-0CBE-65EF-A507-000000005403}4276C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003718Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:53:01.596{C36AC009-0CBD-65EF-A407-000000005403}1040C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003717Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:53:00.830{C36AC009-0CBC-65EF-A307-000000005403}4296C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003716Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:53:00.074{C36AC009-0CBC-65EF-A207-000000005403}1868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003715Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:52:02.986{C36AC009-0C82-65EF-A107-000000005403}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003714Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:52:02.314{C36AC009-0C82-65EF-A007-000000005403}3036C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003713Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:52:01.572{C36AC009-0C81-65EF-9F07-000000005403}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003712Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:52:00.821{C36AC009-0C80-65EF-9E07-000000005403}1272C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003711Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:52:00.071{C36AC009-0C80-65EF-9D07-000000005403}2492C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003710Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:51:03.108{C36AC009-0C47-65EF-9C07-000000005403}4220C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003709Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:51:02.346{C36AC009-0C46-65EF-9B07-000000005403}3120C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003708Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:51:01.580{C36AC009-0C45-65EF-9A07-000000005403}4780C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003707Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:51:00.817{C36AC009-0C44-65EF-9907-000000005403}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003706Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:51:00.063{C36AC009-0C44-65EF-9807-000000005403}3628C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003705Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:50:02.982{C36AC009-0C0A-65EF-9707-000000005403}2268C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003704Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:50:02.232{C36AC009-0C0A-65EF-9607-000000005403}1952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003703Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:50:01.493{C36AC009-0C09-65EF-9507-000000005403}368C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003702Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:50:00.806{C36AC009-0C08-65EF-9407-000000005403}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003701Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:50:00.056{C36AC009-0C08-65EF-9307-000000005403}896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003700Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:49:10.620{C36AC009-0BD6-65EF-9207-000000005403}4532C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003699Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:49:10.580{C36AC009-0BD6-65EF-9107-000000005403}2416C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003698Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:49:10.543{C36AC009-0BD6-65EF-9007-000000005403}4140C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003697Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:49:10.478{C36AC009-0BD6-65EF-8E07-000000005403}3348C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003696Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:49:03.064{C36AC009-0BCF-65EF-8D07-000000005403}3360C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003695Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:49:02.312{C36AC009-0BCE-65EF-8C07-000000005403}4828C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003694Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:49:01.560{C36AC009-0BCD-65EF-8B07-000000005403}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003693Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:49:00.797{C36AC009-0BCC-65EF-8A07-000000005403}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003692Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:49:00.043{C36AC009-0BCC-65EF-8907-000000005403}604C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003691Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:48:03.026{C36AC009-0B93-65EF-8807-000000005403}4492C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003690Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:48:02.261{C36AC009-0B92-65EF-8707-000000005403}2912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003689Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:48:01.512{C36AC009-0B91-65EF-8607-000000005403}4260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003688Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:48:00.794{C36AC009-0B90-65EF-8507-000000005403}3368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003687Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:48:00.036{C36AC009-0B90-65EF-8407-000000005403}3776C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003686Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:47:02.953{C36AC009-0B56-65EF-8307-000000005403}4404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003685Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:47:02.184{C36AC009-0B56-65EF-8207-000000005403}4448C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003684Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:47:01.434{C36AC009-0B55-65EF-8107-000000005403}3412C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003683Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:47:00.774{C36AC009-0B54-65EF-8007-000000005403}4704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003682Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:47:00.023{C36AC009-0B54-65EF-7F07-000000005403}212C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003681Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:46:02.934{C36AC009-0B1A-65EF-7E07-000000005403}508C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003680Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:46:02.176{C36AC009-0B1A-65EF-7D07-000000005403}3160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003679Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:46:01.411{C36AC009-0B19-65EF-7C07-000000005403}4604C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003678Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:46:00.770{C36AC009-0B18-65EF-7B07-000000005403}5068C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003677Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:46:00.012{C36AC009-0B18-65EF-7A07-000000005403}4588C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003676Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:45:02.790{C36AC009-0ADE-65EF-7907-000000005403}1724C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003675Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:45:02.165{C36AC009-0ADE-65EF-7807-000000005403}1056C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003674Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:45:01.524{C36AC009-0ADD-65EF-7707-000000005403}2464C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003673Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:45:00.764{C36AC009-0ADC-65EF-7607-000000005403}1120C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003672Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:45:00.014{C36AC009-0ADC-65EF-7507-000000005403}4740C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003671Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:44:10.611{C36AC009-0AAA-65EF-7407-000000005403}3860C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003670Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:44:10.572{C36AC009-0AAA-65EF-7307-000000005403}484C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003669Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:44:10.535{C36AC009-0AAA-65EF-7207-000000005403}4456C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003668Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:44:10.470{C36AC009-0AAA-65EF-7007-000000005403}3580C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003667Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:44:02.489{C36AC009-0AA2-65EF-6F07-000000005403}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003666Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:44:01.874{C36AC009-0AA1-65EF-6E07-000000005403}1964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003665Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:44:01.249{C36AC009-0AA1-65EF-6D07-000000005403}4372C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003664Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:44:00.618{C36AC009-0AA0-65EF-6C07-000000005403}4396C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003663Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:44:00.009{C36AC009-0AA0-65EF-6B07-000000005403}3052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003662Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:43:03.051{C36AC009-0A67-65EF-6A07-000000005403}3148C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003661Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:43:02.301{C36AC009-0A66-65EF-6907-000000005403}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003660Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:43:01.529{C36AC009-0A65-65EF-6807-000000005403}424C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003659Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:43:00.773{C36AC009-0A64-65EF-6707-000000005403}976C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003658Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:43:00.008{C36AC009-0A64-65EF-6607-000000005403}2264C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003657Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:42:03.024{C36AC009-0A2B-65EF-6507-000000005403}2124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003656Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:42:02.259{C36AC009-0A2A-65EF-6407-000000005403}2732C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003655Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:42:01.502{C36AC009-0A29-65EF-6307-000000005403}2236C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003654Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:42:00.885{C36AC009-0A28-65EF-6207-000000005403}3740C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003653Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:42:00.135{C36AC009-0A28-65EF-6107-000000005403}2252C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003652Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:41:03.090{C36AC009-09EF-65EF-6007-000000005403}1360C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003651Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:41:02.333{C36AC009-09EE-65EF-5F07-000000005403}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003650Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:41:01.583{C36AC009-09ED-65EF-5E07-000000005403}360C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003649Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:41:00.904{C36AC009-09EC-65EF-5D07-000000005403}4108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003647Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:41:00.147{C36AC009-09EC-65EF-5C07-000000005403}856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003646Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:40:02.947{C36AC009-09B2-65EF-5B07-000000005403}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003645Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:40:02.330{C36AC009-09B2-65EF-5A07-000000005403}3260C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003644Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:40:01.635{C36AC009-09B1-65EF-5907-000000005403}4428C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003643Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:40:00.885{C36AC009-09B0-65EF-5807-000000005403}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003641Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:40:00.127{C36AC009-09B0-65EF-5707-000000005403}4584C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003640Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:39:10.611{C36AC009-097E-65EF-5607-000000005403}3348C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003639Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:39:10.571{C36AC009-097E-65EF-5507-000000005403}4936C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003638Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:39:10.535{C36AC009-097E-65EF-5407-000000005403}4384C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003637Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:39:10.469{C36AC009-097E-65EF-5207-000000005403}1996C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003636Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:39:03.086{C36AC009-0977-65EF-5107-000000005403}3656C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003635Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:39:02.327{C36AC009-0976-65EF-5007-000000005403}4840C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003634Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:39:01.569{C36AC009-0975-65EF-4F07-000000005403}4372C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003633Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:39:00.882{C36AC009-0974-65EF-4E07-000000005403}4292C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003632Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:39:00.123{C36AC009-0974-65EF-4D07-000000005403}4320C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003630Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:38:03.009{C36AC009-093B-65EF-4C07-000000005403}3372C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003629Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:38:02.365{C36AC009-093A-65EF-4B07-000000005403}4256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003628Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:38:01.615{C36AC009-0939-65EF-4A07-000000005403}4980C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003627Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:38:00.865{C36AC009-0938-65EF-4907-000000005403}2012C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003626Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:38:00.113{C36AC009-0938-65EF-4807-000000005403}3596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003625Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:37:03.166{C36AC009-08FF-65EF-4707-000000005403}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003624Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:37:02.406{C36AC009-08FE-65EF-4607-000000005403}4496C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003623Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:37:01.646{C36AC009-08FD-65EF-4507-000000005403}2960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003622Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:37:00.871{C36AC009-08FC-65EF-4407-000000005403}3680C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003621Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:37:00.105{C36AC009-08FC-65EF-4307-000000005403}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003620Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:36:03.123{C36AC009-08C3-65EF-4207-000000005403}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003619Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:36:02.362{C36AC009-08C2-65EF-4107-000000005403}4540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003618Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:36:01.602{C36AC009-08C1-65EF-4007-000000005403}4168C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003617Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:36:00.852{C36AC009-08C0-65EF-3F07-000000005403}1096C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003616Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:36:00.097{C36AC009-08C0-65EF-3E07-000000005403}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003615Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:35:03.000{C36AC009-0887-65EF-3D07-000000005403}1056C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003614Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:35:02.375{C36AC009-0886-65EF-3C07-000000005403}1404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003613Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:35:01.609{C36AC009-0885-65EF-3B07-000000005403}924C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003612Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:35:00.853{C36AC009-0884-65EF-3A07-000000005403}1504C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003611Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:35:00.103{C36AC009-0884-65EF-3907-000000005403}840C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003610Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:34:10.601{C36AC009-0852-65EF-3807-000000005403}5116C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003609Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:34:10.561{C36AC009-0852-65EF-3707-000000005403}340C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003608Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:34:10.525{C36AC009-0852-65EF-3607-000000005403}3360C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003607Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:34:10.460{C36AC009-0852-65EF-3407-000000005403}3668C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003606Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:34:03.057{C36AC009-084B-65EF-3307-000000005403}4500C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003605Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:34:02.374{C36AC009-084A-65EF-3207-000000005403}600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003604Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:34:01.608{C36AC009-0849-65EF-3107-000000005403}4940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003603Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:34:00.858{C36AC009-0848-65EF-3007-000000005403}3868C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003602Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:34:00.096{C36AC009-0848-65EF-2F07-000000005403}508C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003601Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:33:03.145{C36AC009-080F-65EF-2E07-000000005403}4300C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003600Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:33:02.383{C36AC009-080E-65EF-2D07-000000005403}2264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003599Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:33:01.617{C36AC009-080D-65EF-2C07-000000005403}2012C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003598Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:33:00.855{C36AC009-080C-65EF-2B07-000000005403}4280C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003597Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:33:00.094{C36AC009-080C-65EF-2A07-000000005403}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003596Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:32:03.149{C36AC009-07D3-65EF-2907-000000005403}4628C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003595Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:32:02.387{C36AC009-07D2-65EF-2807-000000005403}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003594Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:32:01.624{C36AC009-07D1-65EF-2707-000000005403}4312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003593Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:32:00.859{C36AC009-07D0-65EF-2607-000000005403}4724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003592Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:32:00.099{C36AC009-07D0-65EF-2507-000000005403}436C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003590Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:31:02.977{C36AC009-0796-65EF-2407-000000005403}1488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003589Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:31:02.385{C36AC009-0796-65EF-2307-000000005403}2216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003588Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:31:01.622{C36AC009-0795-65EF-2207-000000005403}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003587Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:31:00.856{C36AC009-0794-65EF-2107-000000005403}4432C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003586Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:31:00.093{C36AC009-0794-65EF-2007-000000005403}1184C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003585Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:30:03.033{C36AC009-075B-65EF-1F07-000000005403}3292C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003584Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:30:02.361{C36AC009-075A-65EF-1E07-000000005403}2076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003583Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:30:01.597{C36AC009-0759-65EF-1D07-000000005403}4800C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003582Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:30:00.833{C36AC009-0758-65EF-1C07-000000005403}4060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003581Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:30:00.083{C36AC009-0758-65EF-1B07-000000005403}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003579Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:29:10.595{C36AC009-0726-65EF-1A07-000000005403}4436C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003578Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:29:10.555{C36AC009-0726-65EF-1907-000000005403}4308C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003577Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:29:10.518{C36AC009-0726-65EF-1807-000000005403}1996C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003576Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:29:10.454{C36AC009-0726-65EF-1607-000000005403}1820C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003575Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:29:03.002{C36AC009-071F-65EF-1507-000000005403}3816C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003574Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:29:02.376{C36AC009-071E-65EF-1407-000000005403}2152C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003573Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:29:01.613{C36AC009-071D-65EF-1307-000000005403}5040C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003572Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:29:00.847{C36AC009-071C-65EF-1207-000000005403}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003571Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:29:00.082{C36AC009-071C-65EF-1107-000000005403}4564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003570Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:28:03.047{C36AC009-06E3-65EF-1007-000000005403}5112C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003569Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:28:02.343{C36AC009-06E2-65EF-0F07-000000005403}3008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003568Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:28:01.594{C36AC009-06E1-65EF-0E07-000000005403}1476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003567Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:28:00.829{C36AC009-06E0-65EF-0D07-000000005403}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003566Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:28:00.078{C36AC009-06E0-65EF-0C07-000000005403}4228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003565Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:27:03.087{C36AC009-06A7-65EF-0B07-000000005403}2988C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003564Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:27:02.322{C36AC009-06A6-65EF-0A07-000000005403}4524C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003563Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:27:01.571{C36AC009-06A5-65EF-0907-000000005403}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003562Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:27:00.805{C36AC009-06A4-65EF-0807-000000005403}4384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003561Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:27:00.055{C36AC009-06A4-65EF-0707-000000005403}3680C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003560Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:26:02.913{C36AC009-066A-65EF-0607-000000005403}508C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003559Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:26:02.162{C36AC009-066A-65EF-0507-000000005403}1488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003558Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:26:01.412{C36AC009-0669-65EF-0407-000000005403}300C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003557Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:26:00.802{C36AC009-0668-65EF-0307-000000005403}4964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003556Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:26:00.051{C36AC009-0668-65EF-0207-000000005403}4540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003555Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:25:02.931{C36AC009-062E-65EF-0107-000000005403}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003554Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:25:02.165{C36AC009-062E-65EF-0007-000000005403}3032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003553Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:25:01.415{C36AC009-062D-65EF-FF06-000000005403}3416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003552Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:25:00.789{C36AC009-062C-65EF-FE06-000000005403}5028C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003551Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:25:00.038{C36AC009-062C-65EF-FD06-000000005403}4844C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003549Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:24:10.576{C36AC009-05FA-65EF-FC06-000000005403}5116C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003548Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:24:10.536{C36AC009-05FA-65EF-FB06-000000005403}4308C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003547Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:24:10.501{C36AC009-05FA-65EF-FA06-000000005403}1996C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003546Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:24:10.436{C36AC009-05FA-65EF-F806-000000005403}4544C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003545Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:24:02.965{C36AC009-05F2-65EF-F706-000000005403}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003544Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:24:02.215{C36AC009-05F2-65EF-F606-000000005403}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003543Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:24:01.466{C36AC009-05F1-65EF-F506-000000005403}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003542Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:24:00.776{C36AC009-05F0-65EF-F406-000000005403}2520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003541Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:24:00.025{C36AC009-05F0-65EF-F306-000000005403}2672C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003540Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:23:02.873{C36AC009-05B6-65EF-F206-000000005403}380C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003539Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:23:02.261{C36AC009-05B6-65EF-F106-000000005403}976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003538Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:23:01.509{C36AC009-05B5-65EF-F006-000000005403}348C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003537Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:23:00.759{C36AC009-05B4-65EF-EF06-000000005403}2476C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003536Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:23:00.007{C36AC009-05B4-65EF-EE06-000000005403}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003535Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:22:02.881{C36AC009-057A-65EF-ED06-000000005403}4764C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003534Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:22:02.131{C36AC009-057A-65EF-EC06-000000005403}3492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003533Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:22:01.394{C36AC009-0579-65EF-EB06-000000005403}4524C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003532Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:22:00.765{C36AC009-0578-65EF-EA06-000000005403}4456C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003531Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:22:00.000{C36AC009-0578-65EF-E906-000000005403}3060C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003529Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:21:02.874{C36AC009-053E-65EF-E806-000000005403}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003528Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:21:02.261{C36AC009-053E-65EF-E706-000000005403}3120C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003527Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:21:01.511{C36AC009-053D-65EF-E606-000000005403}4888C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003526Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:21:00.761{C36AC009-053C-65EF-E506-000000005403}3628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003525Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:21:00.003{C36AC009-053C-65EF-E406-000000005403}5032C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003524Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:20:03.024{C36AC009-0503-65EF-E306-000000005403}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003523Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:20:02.254{C36AC009-0502-65EF-E206-000000005403}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003522Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:20:01.489{C36AC009-0501-65EF-E106-000000005403}4584C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003521Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:20:00.766{C36AC009-0500-65EF-E006-000000005403}4504C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003520Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:19:59.995{C36AC009-04FF-65EF-DF06-000000005403}3416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003518Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:19:10.570{C36AC009-04CE-65EF-DE06-000000005403}1116C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003517Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:19:10.530{C36AC009-04CE-65EF-DD06-000000005403}3060C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003516Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:19:10.494{C36AC009-04CE-65EF-DC06-000000005403}5116C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003515Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:19:10.429{C36AC009-04CE-65EF-DA06-000000005403}4308C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003514Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:19:02.981{C36AC009-04C6-65EF-D906-000000005403}3368C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003513Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:19:02.226{C36AC009-04C6-65EF-D806-000000005403}3356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003512Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:19:01.486{C36AC009-04C5-65EF-D706-000000005403}4512C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003511Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:19:00.752{C36AC009-04C4-65EF-D606-000000005403}3668C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003510Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:18:59.997{C36AC009-04C3-65EF-D506-000000005403}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003509Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:18:02.913{C36AC009-048A-65EF-D406-000000005403}2828C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003508Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:18:02.266{C36AC009-048A-65EF-D306-000000005403}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003507Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:18:01.500{C36AC009-0489-65EF-D206-000000005403}3776C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003506Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:18:00.744{C36AC009-0488-65EF-D106-000000005403}4064C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003505Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:17:59.989{C36AC009-0487-65EF-D006-000000005403}348C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003504Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:17:03.023{C36AC009-044F-65EF-CF06-000000005403}3684C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003503Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:17:02.262{C36AC009-044E-65EF-CE06-000000005403}3740C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003502Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:17:01.512{C36AC009-044D-65EF-CD06-000000005403}4352C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003501Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:17:00.740{C36AC009-044C-65EF-CC06-000000005403}4384C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003500Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:16:59.984{C36AC009-044B-65EF-CB06-000000005403}3588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003499Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:16:03.027{C36AC009-0413-65EF-CA06-000000005403}3420C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003498Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:16:02.271{C36AC009-0412-65EF-C906-000000005403}4468C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003497Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:16:01.514{C36AC009-0411-65EF-C806-000000005403}4356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003496Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:16:00.749{C36AC009-0410-65EF-C706-000000005403}508C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003495Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:15:59.976{C36AC009-040F-65EF-C606-000000005403}3132C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003494Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:15:02.951{C36AC009-03D6-65EF-C506-000000005403}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003493Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:15:02.193{C36AC009-03D6-65EF-C406-000000005403}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003492Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:15:01.437{C36AC009-03D5-65EF-C306-000000005403}1056C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003491Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:15:00.733{C36AC009-03D4-65EF-C206-000000005403}664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003490Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:14:59.976{C36AC009-03D3-65EF-C106-000000005403}3032C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003489Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:14:10.558{C36AC009-03A2-65EF-C006-000000005403}3148C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003488Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:14:10.518{C36AC009-03A2-65EF-BF06-000000005403}212C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003487Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:14:10.481{C36AC009-03A2-65EF-BE06-000000005403}4268C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003486Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:14:10.417{C36AC009-03A2-65EF-BC06-000000005403}5004C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003485Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:14:02.913{C36AC009-039A-65EF-BB06-000000005403}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003484Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:14:02.163{C36AC009-039A-65EF-BA06-000000005403}1004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003483Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:14:01.398{C36AC009-0399-65EF-B906-000000005403}2348C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003482Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:14:00.710{C36AC009-0398-65EF-B806-000000005403}4544C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003481Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:13:59.960{C36AC009-0397-65EF-B706-000000005403}4652C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003480Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:13:02.965{C36AC009-035E-65EF-B606-000000005403}4064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003479Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:13:02.214{C36AC009-035E-65EF-B506-000000005403}4980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003478Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:13:01.463{C36AC009-035D-65EF-B406-000000005403}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003477Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:13:00.713{C36AC009-035C-65EF-B306-000000005403}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003476Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:12:59.955{C36AC009-035B-65EF-B206-000000005403}3696C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003474Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:12:02.867{C36AC009-0322-65EF-B106-000000005403}4892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003473Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:12:02.227{C36AC009-0322-65EF-B006-000000005403}1872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003472Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:12:01.467{C36AC009-0321-65EF-AF06-000000005403}4644C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003471Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:12:00.708{C36AC009-0320-65EF-AE06-000000005403}1868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003470Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:11:59.942{C36AC009-031F-65EF-AD06-000000005403}2980C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003469Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:11:02.960{C36AC009-02E6-65EF-AC06-000000005403}3788C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003468Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:11:02.208{C36AC009-02E6-65EF-AB06-000000005403}508C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003467Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:11:01.448{C36AC009-02E5-65EF-AA06-000000005403}1796C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003466Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:11:00.683{C36AC009-02E4-65EF-A906-000000005403}4276C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003465Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:10:59.923{C36AC009-02E3-65EF-A806-000000005403}380C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003464Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:10:02.880{C36AC009-02AA-65EF-A706-000000005403}4856C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003463Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:10:02.134{C36AC009-02AA-65EF-A606-000000005403}4532C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003462Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:10:01.378{C36AC009-02A9-65EF-A506-000000005403}4816C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003461Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:10:00.667{C36AC009-02A8-65EF-A406-000000005403}4188C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003460Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:09:59.917{C36AC009-02A7-65EF-A306-000000005403}3100C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003459Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:09:10.541{C36AC009-0276-65EF-A206-000000005403}1004C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003458Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:09:10.502{C36AC009-0276-65EF-A106-000000005403}3436C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003457Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:09:10.466{C36AC009-0276-65EF-A006-000000005403}3440C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003456Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:09:10.400{C36AC009-0276-65EF-9E06-000000005403}2908C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003455Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:09:02.883{C36AC009-026E-65EF-9D06-000000005403}2152C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003454Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:09:02.118{C36AC009-026E-65EF-9C06-000000005403}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003453Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:09:01.347{C36AC009-026D-65EF-9B06-000000005403}3332C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003452Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:09:00.663{C36AC009-026C-65EF-9A06-000000005403}4940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003451Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:08:59.906{C36AC009-026B-65EF-9906-000000005403}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003449Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:08:02.810{C36AC009-0232-65EF-9806-000000005403}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003448Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:08:02.185{C36AC009-0232-65EF-9706-000000005403}2176C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003447Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:08:01.423{C36AC009-0231-65EF-9606-000000005403}4328C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003446Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:08:00.662{C36AC009-0230-65EF-9506-000000005403}3048C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003445Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:07:59.896{C36AC009-022F-65EF-9406-000000005403}4992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003443Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:07:02.761{C36AC009-01F6-65EF-9306-000000005403}4472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003442Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:07:01.996{C36AC009-01F5-65EF-9206-000000005403}3656C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003441Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:07:01.234{C36AC009-01F5-65EF-9106-000000005403}4744C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003440Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:07:00.628{C36AC009-01F4-65EF-9006-000000005403}4912C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003439Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:06:59.878{C36AC009-01F3-65EF-8F06-000000005403}3288C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003438Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:06:02.932{C36AC009-01BA-65EF-8E06-000000005403}4988C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003437Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:06:02.169{C36AC009-01BA-65EF-8D06-000000005403}4340C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003436Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:06:01.391{C36AC009-01B9-65EF-8C06-000000005403}3260C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003435Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:06:00.628{C36AC009-01B8-65EF-8B06-000000005403}2100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003434Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:05:59.863{C36AC009-01B7-65EF-8A06-000000005403}1732C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003433Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:05:02.760{C36AC009-017E-65EF-8906-000000005403}3580C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003432Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:05:02.123{C36AC009-017E-65EF-8806-000000005403}2980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003431Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:05:01.373{C36AC009-017D-65EF-8706-000000005403}1996C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003430Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:05:00.610{C36AC009-017C-65EF-8606-000000005403}1956C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003429Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:04:59.846{C36AC009-017B-65EF-8506-000000005403}364C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003428Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:04:10.535{C36AC009-014A-65EF-8406-000000005403}3152C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003427Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:04:10.495{C36AC009-014A-65EF-8306-000000005403}3452C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003426Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:04:10.460{C36AC009-014A-65EF-8206-000000005403}2448C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003425Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:04:10.395{C36AC009-014A-65EF-8006-000000005403}1228C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003424Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:04:02.867{C36AC009-0142-65EF-7F06-000000005403}1776C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003423Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:04:02.117{C36AC009-0142-65EF-7E06-000000005403}2272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003422Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:04:01.353{C36AC009-0141-65EF-7D06-000000005403}1476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003421Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:04:00.589{C36AC009-0140-65EF-7C06-000000005403}4228C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003420Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:03:59.839{C36AC009-013F-65EF-7B06-000000005403}4572C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003419Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:03:02.756{C36AC009-0106-65EF-7A06-000000005403}4352C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003418Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:03:01.991{C36AC009-0105-65EF-7906-000000005403}1756C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003417Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:03:01.227{C36AC009-0105-65EF-7806-000000005403}5092C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003416Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:03:00.601{C36AC009-0104-65EF-7706-000000005403}2808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003415Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:02:59.837{C36AC009-0103-65EF-7606-000000005403}3108C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003413Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:02:02.789{C36AC009-00CA-65EF-7506-000000005403}4884C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003412Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:02:02.085{C36AC009-00CA-65EF-7406-000000005403}2672C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003411Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:02:01.336{C36AC009-00C9-65EF-7306-000000005403}3788C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003410Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:02:00.586{C36AC009-00C8-65EF-7206-000000005403}2944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003409Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:01:59.836{C36AC009-00C7-65EF-7106-000000005403}2448C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003407Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:01:02.844{C36AC009-008E-65EF-7006-000000005403}2076C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003406Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:01:02.084{C36AC009-008E-65EF-6F06-000000005403}5076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003405Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:01:01.334{C36AC009-008D-65EF-6E06-000000005403}1272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003404Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:01:00.584{C36AC009-008C-65EF-6D06-000000005403}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003403Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:00:59.819{C36AC009-008B-65EF-6C06-000000005403}4372C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003402Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:00:02.719{C36AC009-0052-65EF-6B06-000000005403}2632C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003401Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:00:02.047{C36AC009-0052-65EF-6A06-000000005403}892C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003400Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:00:01.295{C36AC009-0051-65EF-6906-000000005403}3440C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003399Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 13:00:00.545{C36AC009-0050-65EF-6806-000000005403}2192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003398Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:59:59.795{C36AC009-004F-65EF-6706-000000005403}4144C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003397Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:59:10.521{C36AC009-001E-65EF-6606-000000005403}2660C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003396Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:59:10.481{C36AC009-001E-65EF-6506-000000005403}1376C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003395Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:59:10.445{C36AC009-001E-65EF-6406-000000005403}1776C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003394Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:59:10.380{C36AC009-001E-65EF-6206-000000005403}976C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003393Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:59:02.812{C36AC009-0016-65EF-6106-000000005403}4280C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003392Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:59:02.046{C36AC009-0016-65EF-6006-000000005403}1176C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003391Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:59:01.295{C36AC009-0015-65EF-5F06-000000005403}1336C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003390Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:59:00.531{C36AC009-0014-65EF-5E06-000000005403}4972C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003389Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:58:59.781{C36AC009-0013-65EF-5D06-000000005403}4420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003388Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:58:02.801{C36AC009-FFDA-65EE-5C06-000000005403}2424C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003387Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:58:02.037{C36AC009-FFDA-65EE-5B06-000000005403}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003386Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:58:01.287{C36AC009-FFD9-65EE-5A06-000000005403}4676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003385Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:58:00.521{C36AC009-FFD8-65EE-5906-000000005403}4668C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003384Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:57:59.765{C36AC009-FFD7-65EE-5806-000000005403}3576C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003383Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:57:02.786{C36AC009-FF9E-65EE-5706-000000005403}1960C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003382Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:57:02.034{C36AC009-FF9E-65EE-5606-000000005403}1952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003381Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:57:01.267{C36AC009-FF9D-65EE-5506-000000005403}1036C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003380Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:57:00.515{C36AC009-FF9C-65EE-5406-000000005403}1052C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003379Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:56:59.760{C36AC009-FF9B-65EE-5306-000000005403}2056C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003378Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:56:02.786{C36AC009-FF62-65EE-5206-000000005403}484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003377Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:56:02.017{C36AC009-FF62-65EE-5106-000000005403}4724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003376Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:56:01.267{C36AC009-FF61-65EE-5006-000000005403}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003375Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:56:00.514{C36AC009-FF60-65EE-4F06-000000005403}5012C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003374Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:55:59.757{C36AC009-FF5F-65EE-4E06-000000005403}4956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003373Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:55:03.446{C36AC009-FF27-65EE-4D06-000000005403}4848C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003372Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:55:02.708{C36AC009-FF26-65EE-4C06-000000005403}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003371Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:55:01.958{C36AC009-FF25-65EE-4B06-000000005403}4356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003370Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:55:01.219{C36AC009-FF25-65EE-4A06-000000005403}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003369Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:55:00.481{C36AC009-FF24-65EE-4906-000000005403}3448C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003366Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:54:10.510{C36AC009-FEF2-65EE-4806-000000005403}1580C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003365Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:54:10.469{C36AC009-FEF2-65EE-4706-000000005403}4820C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003364Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:54:10.434{C36AC009-FEF2-65EE-4606-000000005403}3416C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003363Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:54:10.369{C36AC009-FEF2-65EE-4406-000000005403}4200C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003362Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:54:02.907{C36AC009-FEEA-65EE-4306-000000005403}4920C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003361Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:54:02.168{C36AC009-FEEA-65EE-4206-000000005403}1020C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003360Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:54:01.414{C36AC009-FEE9-65EE-4106-000000005403}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003359Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:54:00.679{C36AC009-FEE8-65EE-4006-000000005403}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003358Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:53:59.946{C36AC009-FEE7-65EE-3F06-000000005403}3348C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003357Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:53:02.975{C36AC009-FEAE-65EE-3E06-000000005403}892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003356Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:53:02.240{C36AC009-FEAE-65EE-3D06-000000005403}1124C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003355Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:53:01.490{C36AC009-FEAD-65EE-3C06-000000005403}4828C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003354Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:53:00.746{C36AC009-FEAC-65EE-3B06-000000005403}1724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003353Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:53:00.012{C36AC009-FEAC-65EE-3A06-000000005403}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003351Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:52:02.437{C36AC009-FE72-65EE-3906-000000005403}4980C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003350Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:52:01.697{C36AC009-FE71-65EE-3806-000000005403}4428C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003349Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:52:00.942{C36AC009-FE70-65EE-3706-000000005403}4584C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003348Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:52:00.207{C36AC009-FE70-65EE-3606-000000005403}2116C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003347Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:51:59.467{C36AC009-FE6F-65EE-3506-000000005403}2620C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003345Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:51:02.388{C36AC009-FE36-65EE-3406-000000005403}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003344Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:51:01.654{C36AC009-FE35-65EE-3306-000000005403}2676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003343Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:51:00.914{C36AC009-FE34-65EE-3206-000000005403}4608C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003342Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:51:00.158{C36AC009-FE34-65EE-3106-000000005403}1596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003341Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:50:59.423{C36AC009-FE33-65EE-3006-000000005403}4712C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003340Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:50:01.957{C36AC009-FDF9-65EE-2F06-000000005403}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003339Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:50:01.216{C36AC009-FDF9-65EE-2E06-000000005403}2156C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003338Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:50:00.475{C36AC009-FDF8-65EE-2D06-000000005403}3152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003337Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:49:59.725{C36AC009-FDF7-65EE-2C06-000000005403}4180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003336Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:49:58.983{C36AC009-FDF6-65EE-2B06-000000005403}4416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003334Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:49:10.499{C36AC009-FDC6-65EE-2A06-000000005403}3476C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003333Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:49:10.458{C36AC009-FDC6-65EE-2906-000000005403}2900C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003332Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:49:10.422{C36AC009-FDC6-65EE-2806-000000005403}4808C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003331Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:49:10.356{C36AC009-FDC6-65EE-2606-000000005403}588C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003330Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:49:01.956{C36AC009-FDBD-65EE-2506-000000005403}4560C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003329Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:49:01.221{C36AC009-FDBD-65EE-2406-000000005403}4200C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003328Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:49:00.479{C36AC009-FDBC-65EE-2306-000000005403}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003327Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:48:59.738{C36AC009-FDBB-65EE-2206-000000005403}2888C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003326Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:48:58.988{C36AC009-FDBA-65EE-2106-000000005403}3376C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003324Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:48:01.430{C36AC009-FD81-65EE-2006-000000005403}4704C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003323Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:48:00.681{C36AC009-FD80-65EE-1F06-000000005403}4544C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003322Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:47:59.938{C36AC009-FD7F-65EE-1E06-000000005403}4336C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003321Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:47:59.195{C36AC009-FD7F-65EE-1D06-000000005403}2192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003320Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:47:58.461{C36AC009-FD7E-65EE-1C06-000000005403}4828C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003318Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:47:01.436{C36AC009-FD45-65EE-1A06-000000005403}400C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003317Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:47:00.692{C36AC009-FD44-65EE-1906-000000005403}2464C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003316Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:46:59.958{C36AC009-FD43-65EE-1806-000000005403}4536C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003315Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:46:59.215{C36AC009-FD43-65EE-1706-000000005403}4584C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003314Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:46:58.465{C36AC009-FD42-65EE-1606-000000005403}4188C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003312Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:46:00.949{C36AC009-FD08-65EE-1506-000000005403}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003311Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:46:00.205{C36AC009-FD08-65EE-1406-000000005403}4628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003310Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:45:59.470{C36AC009-FD07-65EE-1306-000000005403}3592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003309Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:45:58.726{C36AC009-FD06-65EE-1206-000000005403}4360C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003308Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:45:57.982{C36AC009-FD05-65EE-1106-000000005403}4720C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003307Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:45:00.905{C36AC009-FCCC-65EE-1006-000000005403}3420C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003306Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:45:00.171{C36AC009-FCCC-65EE-0F06-000000005403}3820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003305Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:44:59.427{C36AC009-FCCB-65EE-0E06-000000005403}4848C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003304Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:44:58.683{C36AC009-FCCA-65EE-0D06-000000005403}4468C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003303Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:44:57.948{C36AC009-FCC9-65EE-0C06-000000005403}4180C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003301Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:44:10.482{C36AC009-FC9A-65EE-0B06-000000005403}4796C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003300Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:44:10.441{C36AC009-FC9A-65EE-0A06-000000005403}2960C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003299Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:44:10.405{C36AC009-FC9A-65EE-0906-000000005403}4852C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003298Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:44:10.339{C36AC009-FC9A-65EE-0706-000000005403}1504C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003297Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:44:00.477{C36AC009-FC90-65EE-0606-000000005403}588C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003296Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:43:59.732{C36AC009-FC8F-65EE-0506-000000005403}4484C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003295Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:43:58.982{C36AC009-FC8E-65EE-0406-000000005403}4596C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003294Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:43:58.253{C36AC009-FC8E-65EE-0306-000000005403}5088C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003293Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:43:57.510{C36AC009-FC8D-65EE-0206-000000005403}4332C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003291Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:43:00.544{C36AC009-FC54-65EE-0106-000000005403}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003290Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:42:59.807{C36AC009-FC53-65EE-0006-000000005403}4752C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003289Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:42:59.062{C36AC009-FC53-65EE-FF05-000000005403}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003288Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:42:58.327{C36AC009-FC52-65EE-FE05-000000005403}3368C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003287Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:42:57.582{C36AC009-FC51-65EE-FD05-000000005403}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003284Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:42:00.013{C36AC009-FC18-65EE-FC05-000000005403}2012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003283Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:41:59.267{C36AC009-FC17-65EE-FB05-000000005403}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003282Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:41:58.532{C36AC009-FC16-65EE-FA05-000000005403}328C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003281Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:41:57.787{C36AC009-FC15-65EE-F905-000000005403}2056C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003280Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:41:57.041{C36AC009-FC15-65EE-F805-000000005403}3836C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003279Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:40:59.217{C36AC009-FBDB-65EE-F705-000000005403}4876C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003278Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:40:58.470{C36AC009-FBDA-65EE-F605-000000005403}1020C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003277Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:40:57.737{C36AC009-FBD9-65EE-F505-000000005403}2124C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003276Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:40:56.990{C36AC009-FBD8-65EE-F405-000000005403}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003275Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:40:56.245{C36AC009-FBD8-65EE-F305-000000005403}4524C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003266Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:40:00.051{C36AC009-FBA0-65EE-F205-000000005403}3440C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003264Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:39:59.314{C36AC009-FB9F-65EE-F105-000000005403}4396C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003263Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:39:58.409{C36AC009-FB9E-65EE-F005-000000005403}3776C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003262Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:39:57.645{C36AC009-FB9D-65EE-EF05-000000005403}4620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003261Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:39:56.943{C36AC009-FB9C-65EE-EE05-000000005403}4132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe9.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=D4A01A34CB462A5ADD183B781180FE24,SHA256=CE12A30F916D7CCD57C024B6991DC4D5A80596B187E06FD3E34E0405D19D1714,IMPHASH=0B3917FB5306BF16B3F2D78E6FD4AC61{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003260Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:39:56.249{C36AC009-FB9C-65EE-ED05-000000005403}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003259Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:39:10.477{C36AC009-FB6E-65EE-EC05-000000005403}3088C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003258Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:39:10.436{C36AC009-FB6E-65EE-EB05-000000005403}2040C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003257Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:39:10.399{C36AC009-FB6E-65EE-EA05-000000005403}1960C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003256Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:39:10.334{C36AC009-FB6E-65EE-E805-000000005403}376C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003239Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:34:10.467{C36AC009-FA42-65EE-E705-000000005403}4464C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003238Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:34:10.427{C36AC009-FA42-65EE-E605-000000005403}428C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003237Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:34:10.390{C36AC009-FA42-65EE-E505-000000005403}1500C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003236Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:34:10.324{C36AC009-FA42-65EE-E305-000000005403}4020C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003232Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:29:10.450{C36AC009-F916-65EE-E205-000000005403}1964C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003231Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:29:10.409{C36AC009-F916-65EE-E105-000000005403}3360C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003230Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:29:10.372{C36AC009-F916-65EE-E005-000000005403}4396C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003229Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:29:10.306{C36AC009-F916-65EE-DE05-000000005403}2156C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003220Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:24:10.430{C36AC009-F7EA-65EE-DD05-000000005403}2504C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003219Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:24:10.391{C36AC009-F7EA-65EE-DC05-000000005403}4224C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003218Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:24:10.354{C36AC009-F7EA-65EE-DB05-000000005403}5016C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000003217Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:24:10.289{C36AC009-F7EA-65EE-D905-000000005403}4720C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000002966Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:19:10.424{C36AC009-F6BE-65EE-A802-000000005403}4760C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000002965Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:19:10.382{C36AC009-F6BE-65EE-A702-000000005403}4252C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000002964Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:19:10.344{C36AC009-F6BE-65EE-A602-000000005403}2348C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000002963Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:19:10.276{C36AC009-F6BE-65EE-A302-000000005403}428C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000002882Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:17:12.501{C36AC009-F648-65EE-9701-000000005403}4304C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe4.8.4330.0 built by: NET48REL1LAST_BMicrosoft .NET Framework optimization serviceMicrosoft® .NET FrameworkMicrosoft CorporationNGenTask.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe" /RuntimeWide /StopEvent:100C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=196F531423F864F990B24F3D3AFA9AA1,SHA256=353C8C617C87A56F93C9914E219BE4E30A45A0DEA8D98BF34C6BD81A6A287916,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{C36AC009-F648-65EE-8F01-000000005403}4560C:\Windows\System32\taskhostw.exetaskhostw.exe /RuntimeWideNT AUTHORITY\SYSTEM 154100x80000000000000002881Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:17:12.494{C36AC009-F648-65EE-9501-000000005403}356C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe4.8.4330.0 built by: NET48REL1LAST_BMicrosoft .NET Framework optimization serviceMicrosoft® .NET FrameworkMicrosoft CorporationNGenTask.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NGenTask.exe" /RuntimeWide /StopEvent:896C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=D2DDF021EE6A8A649FB58F6DD05EDED7,SHA256=AC1B312B5D048DAC81327CF083BDEF2966AA883208455490E73D6E34C932B7D9,IMPHASH=00000000000000000000000000000000{C36AC009-F648-65EE-8F01-000000005403}4560C:\Windows\System32\taskhostw.exetaskhostw.exe /RuntimeWideNT AUTHORITY\SYSTEM 154100x80000000000000002867Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:14:10.383{C36AC009-F592-65EE-8C01-000000005403}4480C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000002866Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:14:10.343{C36AC009-F592-65EE-8B01-000000005403}428C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000002865Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:14:10.307{C36AC009-F592-65EE-8A01-000000005403}4644C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000002864Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:14:10.242{C36AC009-F592-65EE-8801-000000005403}5004C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000002856Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:14:01.059{C36AC009-F589-65EE-8701-000000005403}4664C:\Windows\System32\HOSTNAME.EXE10.0.14393.0 (rs1_release.160715-1616)Hostname APPMicrosoft® Windows® Operating SystemMicrosoft Corporationhostname.exe"C:\Windows\system32\HOSTNAME.EXE"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F587-65EE-417C-0F0000000000}0xf7c410HighMD5=1088BA1BF7CDDFF61ECC51BC0C02FDEF,SHA256=B8DA5A3AE4371E63DFD2F468E29CC23AA6F98A6A357A67955996F8F61E58FBA1,IMPHASH=D210D728CB9D45B4D1827BCE52F7EC6E{C36AC009-F588-65EE-8301-000000005403}3696C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABbAE4AZQB0AC4AUwBlAHIAdgBpAGMAZQBQAG8AaQBuAHQATQBhAG4AYQBnAGUAcgBdADoAOgBTAGUAYwB1AHIAaQB0AHkAUAByAG8AdABvAGMAbwBsACAAPQAgAFsATgBlAHQALgBTAGUAYwB1AHIAaQB0AHkAUAByAG8AdABvAGMAbwBsAFQAeQBwAGUAXQA6ADoAVABsAHMALAAgAFsATgBlAHQALgBTAGUAYwB1AHIAaQB0AHkAUAByAG8AdABvAGMAbwBsAFQAeQBwAGUAXQA6ADoAVABsAHMAMQAxACwAIABbAE4AZQB0AC4AUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbABUAHkAcABlAF0AOgA6AFQAbABzADEAMgAsACAAWwBOAGUAdAAuAFMAZQBjAHUAcgBpAHQAeQBQAHIAbwB0AG8AYwBvAGwAVAB5AHAAZQBdADoAOgBTAHMAbAAzAAoAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbAAgAD0AIAAnAFQAbABzACwAIABUAGwAcwAxADEALAAgAFQAbABzADEAMgAsACAAUwBzAGwAMwAnAAoASQBmACAAKAAtAG4AbwB0ACAAKABUAGUAcwB0AC0AUABhAHQAaAAgAGMAOgBcAFQAbwBvAGwAcwBcAFAAdQByAHAAbABlAFMAaABhAHIAcAApACkAIAB7ACAATgBlAHcALQBJAHQAZQBtACAALQBQAGEAdABoACAAYwA6AFwAVABvAG8AbABzAFwAIAAtAE4AYQBtAGUAIABQAHUAcgBwAGwAZQBTAGgAYQByAHAAIAAtAEkAdABlAG0AVAB5AHAAZQAgAGQAaQByAGUAYwB0AG8AcgB5ACAAfQAKACQAdABhAGcAIAA9ACAAKABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAnAGgAdAB0AHAAcwA6AC8ALwBhAHAAaQAuAGcAaQB0AGgAdQBiAC4AYwBvAG0ALwByAGUAcABvAHMALwBtAHYAZQBsAGEAegBjADAALwBQAHUAcgBwAGwAZQBTAGgAYQByAHAALwByAGUAbABlAGEAcwBlAHMAJwAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAIAB8ACAAQwBvAG4AdgBlAHIAdABGAHIAbwBtAC0ASgBzAG8AbgApAFsAMABdAC4AdABhAGcAXwBuAGEAbQBlAAoAJABwAHUAcgBwAGwAZQBzAGgAYQByAHAARABvAHcAbgBsAG8AYQBkAFUAcgBsACAAPQAgACcAaAB0AHQAcABzADoALwAvAGcAaQB0AGgAdQBiAC4AYwBvAG0ALwBtAHYAZQBsAGEAegBjADAALwBQAHUAcgBwAGwAZQBTAGgAYQByAHAALwByAGUAbABlAGEAcwBlAHMALwBkAG8AdwBuAGwAbwBhAGQALwAnACAAKwAgACQAdABhAGcAIAArACAAJwAvAFAAdQByAHAAbABlAFMAaABhAHIAcABfAHgANgA0AC4AZQB4AGUAJwAKAEkAZgAgACgALQBuAG8AdAAgACgAVABlAHMAdAAtAFAAYQB0AGgAIABjADoAXABUAG8AbwBsAHMAXABQAHUAcgBwAGwAZQBTAGgAYQByAHAAXABQAHUAcgBwAGwAZQBTAGgAYQByAHAALgBlAHgAZQApACkAIAB7ACAASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAALQBVAHIAaQAgACQAcAB1AHIAcABsAGUAcwBoAGEAcgBwAEQAbwB3AG4AbABvAGEAZABVAHIAbAAgAC0ATwB1AHQARgBpAGwAZQAgAGMAOgBcAFQAbwBvAGwAcwBcAFAAdQByAHAAbABlAFMAaABhAHIAcABcAFAAdQByAHAAbABlAFMAaABhAHIAcAAuAGUAeABlACAAfQA=ATTACKRANGE\Administrator 154100x80000000000000002855Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:14:00.994{C36AC009-F588-65EE-8601-000000005403}4716C:\Windows\System32\HOSTNAME.EXE10.0.14393.0 (rs1_release.160715-1616)Hostname APPMicrosoft® Windows® Operating SystemMicrosoft Corporationhostname.exe"C:\Windows\system32\HOSTNAME.EXE"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F587-65EE-417C-0F0000000000}0xf7c410HighMD5=1088BA1BF7CDDFF61ECC51BC0C02FDEF,SHA256=B8DA5A3AE4371E63DFD2F468E29CC23AA6F98A6A357A67955996F8F61E58FBA1,IMPHASH=D210D728CB9D45B4D1827BCE52F7EC6E{C36AC009-F588-65EE-8301-000000005403}3696C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABbAE4AZQB0AC4AUwBlAHIAdgBpAGMAZQBQAG8AaQBuAHQATQBhAG4AYQBnAGUAcgBdADoAOgBTAGUAYwB1AHIAaQB0AHkAUAByAG8AdABvAGMAbwBsACAAPQAgAFsATgBlAHQALgBTAGUAYwB1AHIAaQB0AHkAUAByAG8AdABvAGMAbwBsAFQAeQBwAGUAXQA6ADoAVABsAHMALAAgAFsATgBlAHQALgBTAGUAYwB1AHIAaQB0AHkAUAByAG8AdABvAGMAbwBsAFQAeQBwAGUAXQA6ADoAVABsAHMAMQAxACwAIABbAE4AZQB0AC4AUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbABUAHkAcABlAF0AOgA6AFQAbABzADEAMgAsACAAWwBOAGUAdAAuAFMAZQBjAHUAcgBpAHQAeQBQAHIAbwB0AG8AYwBvAGwAVAB5AHAAZQBdADoAOgBTAHMAbAAzAAoAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbAAgAD0AIAAnAFQAbABzACwAIABUAGwAcwAxADEALAAgAFQAbABzADEAMgAsACAAUwBzAGwAMwAnAAoASQBmACAAKAAtAG4AbwB0ACAAKABUAGUAcwB0AC0AUABhAHQAaAAgAGMAOgBcAFQAbwBvAGwAcwBcAFAAdQByAHAAbABlAFMAaABhAHIAcAApACkAIAB7ACAATgBlAHcALQBJAHQAZQBtACAALQBQAGEAdABoACAAYwA6AFwAVABvAG8AbABzAFwAIAAtAE4AYQBtAGUAIABQAHUAcgBwAGwAZQBTAGgAYQByAHAAIAAtAEkAdABlAG0AVAB5AHAAZQAgAGQAaQByAGUAYwB0AG8AcgB5ACAAfQAKACQAdABhAGcAIAA9ACAAKABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAnAGgAdAB0AHAAcwA6AC8ALwBhAHAAaQAuAGcAaQB0AGgAdQBiAC4AYwBvAG0ALwByAGUAcABvAHMALwBtAHYAZQBsAGEAegBjADAALwBQAHUAcgBwAGwAZQBTAGgAYQByAHAALwByAGUAbABlAGEAcwBlAHMAJwAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAIAB8ACAAQwBvAG4AdgBlAHIAdABGAHIAbwBtAC0ASgBzAG8AbgApAFsAMABdAC4AdABhAGcAXwBuAGEAbQBlAAoAJABwAHUAcgBwAGwAZQBzAGgAYQByAHAARABvAHcAbgBsAG8AYQBkAFUAcgBsACAAPQAgACcAaAB0AHQAcABzADoALwAvAGcAaQB0AGgAdQBiAC4AYwBvAG0ALwBtAHYAZQBsAGEAegBjADAALwBQAHUAcgBwAGwAZQBTAGgAYQByAHAALwByAGUAbABlAGEAcwBlAHMALwBkAG8AdwBuAGwAbwBhAGQALwAnACAAKwAgACQAdABhAGcAIAArACAAJwAvAFAAdQByAHAAbABlAFMAaABhAHIAcABfAHgANgA0AC4AZQB4AGUAJwAKAEkAZgAgACgALQBuAG8AdAAgACgAVABlAHMAdAAtAFAAYQB0AGgAIABjADoAXABUAG8AbwBsAHMAXABQAHUAcgBwAGwAZQBTAGgAYQByAHAAXABQAHUAcgBwAGwAZQBTAGgAYQByAHAALgBlAHgAZQApACkAIAB7ACAASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAALQBVAHIAaQAgACQAcAB1AHIAcABsAGUAcwBoAGEAcgBwAEQAbwB3AG4AbABvAGEAZABVAHIAbAAgAC0ATwB1AHQARgBpAGwAZQAgAGMAOgBcAFQAbwBvAGwAcwBcAFAAdQByAHAAbABlAFMAaABhAHIAcABcAFAAdQByAHAAbABlAFMAaABhAHIAcAAuAGUAeABlACAAfQA=ATTACKRANGE\Administrator 154100x80000000000000002853Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:14:00.960{C36AC009-F588-65EE-8501-000000005403}4360C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RES5A86.tmp" "c:\Users\Administrator\AppData\Local\Temp\uiej4uep\CSCC736B0FF5D6B4E68B48A2C5625D7E65.TMP"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F587-65EE-417C-0F0000000000}0xf7c410HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{C36AC009-F588-65EE-8401-000000005403}3368C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\uiej4uep\uiej4uep.cmdline"ATTACKRANGE\Administrator 154100x80000000000000002852Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:14:00.905{C36AC009-F588-65EE-8401-000000005403}3368C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\uiej4uep\uiej4uep.cmdline"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F587-65EE-417C-0F0000000000}0xf7c410HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{C36AC009-F588-65EE-8301-000000005403}3696C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABbAE4AZQB0AC4AUwBlAHIAdgBpAGMAZQBQAG8AaQBuAHQATQBhAG4AYQBnAGUAcgBdADoAOgBTAGUAYwB1AHIAaQB0AHkAUAByAG8AdABvAGMAbwBsACAAPQAgAFsATgBlAHQALgBTAGUAYwB1AHIAaQB0AHkAUAByAG8AdABvAGMAbwBsAFQAeQBwAGUAXQA6ADoAVABsAHMALAAgAFsATgBlAHQALgBTAGUAYwB1AHIAaQB0AHkAUAByAG8AdABvAGMAbwBsAFQAeQBwAGUAXQA6ADoAVABsAHMAMQAxACwAIABbAE4AZQB0AC4AUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbABUAHkAcABlAF0AOgA6AFQAbABzADEAMgAsACAAWwBOAGUAdAAuAFMAZQBjAHUAcgBpAHQAeQBQAHIAbwB0AG8AYwBvAGwAVAB5AHAAZQBdADoAOgBTAHMAbAAzAAoAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbAAgAD0AIAAnAFQAbABzACwAIABUAGwAcwAxADEALAAgAFQAbABzADEAMgAsACAAUwBzAGwAMwAnAAoASQBmACAAKAAtAG4AbwB0ACAAKABUAGUAcwB0AC0AUABhAHQAaAAgAGMAOgBcAFQAbwBvAGwAcwBcAFAAdQByAHAAbABlAFMAaABhAHIAcAApACkAIAB7ACAATgBlAHcALQBJAHQAZQBtACAALQBQAGEAdABoACAAYwA6AFwAVABvAG8AbABzAFwAIAAtAE4AYQBtAGUAIABQAHUAcgBwAGwAZQBTAGgAYQByAHAAIAAtAEkAdABlAG0AVAB5AHAAZQAgAGQAaQByAGUAYwB0AG8AcgB5ACAAfQAKACQAdABhAGcAIAA9ACAAKABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAnAGgAdAB0AHAAcwA6AC8ALwBhAHAAaQAuAGcAaQB0AGgAdQBiAC4AYwBvAG0ALwByAGUAcABvAHMALwBtAHYAZQBsAGEAegBjADAALwBQAHUAcgBwAGwAZQBTAGgAYQByAHAALwByAGUAbABlAGEAcwBlAHMAJwAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAIAB8ACAAQwBvAG4AdgBlAHIAdABGAHIAbwBtAC0ASgBzAG8AbgApAFsAMABdAC4AdABhAGcAXwBuAGEAbQBlAAoAJABwAHUAcgBwAGwAZQBzAGgAYQByAHAARABvAHcAbgBsAG8AYQBkAFUAcgBsACAAPQAgACcAaAB0AHQAcABzADoALwAvAGcAaQB0AGgAdQBiAC4AYwBvAG0ALwBtAHYAZQBsAGEAegBjADAALwBQAHUAcgBwAGwAZQBTAGgAYQByAHAALwByAGUAbABlAGEAcwBlAHMALwBkAG8AdwBuAGwAbwBhAGQALwAnACAAKwAgACQAdABhAGcAIAArACAAJwAvAFAAdQByAHAAbABlAFMAaABhAHIAcABfAHgANgA0AC4AZQB4AGUAJwAKAEkAZgAgACgALQBuAG8AdAAgACgAVABlAHMAdAAtAFAAYQB0AGgAIABjADoAXABUAG8AbwBsAHMAXABQAHUAcgBwAGwAZQBTAGgAYQByAHAAXABQAHUAcgBwAGwAZQBTAGgAYQByAHAALgBlAHgAZQApACkAIAB7ACAASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAALQBVAHIAaQAgACQAcAB1AHIAcABsAGUAcwBoAGEAcgBwAEQAbwB3AG4AbABvAGEAZABVAHIAbAAgAC0ATwB1AHQARgBpAGwAZQAgAGMAOgBcAFQAbwBvAGwAcwBcAFAAdQByAHAAbABlAFMAaABhAHIAcABcAFAAdQByAHAAbABlAFMAaABhAHIAcAAuAGUAeABlACAAfQA=ATTACKRANGE\Administrator 154100x80000000000000002848Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:14:00.582{C36AC009-F588-65EE-8301-000000005403}3696C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"powershell.exe" -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABbAE4AZQB0AC4AUwBlAHIAdgBpAGMAZQBQAG8AaQBuAHQATQBhAG4AYQBnAGUAcgBdADoAOgBTAGUAYwB1AHIAaQB0AHkAUAByAG8AdABvAGMAbwBsACAAPQAgAFsATgBlAHQALgBTAGUAYwB1AHIAaQB0AHkAUAByAG8AdABvAGMAbwBsAFQAeQBwAGUAXQA6ADoAVABsAHMALAAgAFsATgBlAHQALgBTAGUAYwB1AHIAaQB0AHkAUAByAG8AdABvAGMAbwBsAFQAeQBwAGUAXQA6ADoAVABsAHMAMQAxACwAIABbAE4AZQB0AC4AUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbABUAHkAcABlAF0AOgA6AFQAbABzADEAMgAsACAAWwBOAGUAdAAuAFMAZQBjAHUAcgBpAHQAeQBQAHIAbwB0AG8AYwBvAGwAVAB5AHAAZQBdADoAOgBTAHMAbAAzAAoAWwBOAGUAdAAuAFMAZQByAHYAaQBjAGUAUABvAGkAbgB0AE0AYQBuAGEAZwBlAHIAXQA6ADoAUwBlAGMAdQByAGkAdAB5AFAAcgBvAHQAbwBjAG8AbAAgAD0AIAAnAFQAbABzACwAIABUAGwAcwAxADEALAAgAFQAbABzADEAMgAsACAAUwBzAGwAMwAnAAoASQBmACAAKAAtAG4AbwB0ACAAKABUAGUAcwB0AC0AUABhAHQAaAAgAGMAOgBcAFQAbwBvAGwAcwBcAFAAdQByAHAAbABlAFMAaABhAHIAcAApACkAIAB7ACAATgBlAHcALQBJAHQAZQBtACAALQBQAGEAdABoACAAYwA6AFwAVABvAG8AbABzAFwAIAAtAE4AYQBtAGUAIABQAHUAcgBwAGwAZQBTAGgAYQByAHAAIAAtAEkAdABlAG0AVAB5AHAAZQAgAGQAaQByAGUAYwB0AG8AcgB5ACAAfQAKACQAdABhAGcAIAA9ACAAKABJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAnAGgAdAB0AHAAcwA6AC8ALwBhAHAAaQAuAGcAaQB0AGgAdQBiAC4AYwBvAG0ALwByAGUAcABvAHMALwBtAHYAZQBsAGEAegBjADAALwBQAHUAcgBwAGwAZQBTAGgAYQByAHAALwByAGUAbABlAGEAcwBlAHMAJwAgAC0AVQBzAGUAQgBhAHMAaQBjAFAAYQByAHMAaQBuAGcAIAB8ACAAQwBvAG4AdgBlAHIAdABGAHIAbwBtAC0ASgBzAG8AbgApAFsAMABdAC4AdABhAGcAXwBuAGEAbQBlAAoAJABwAHUAcgBwAGwAZQBzAGgAYQByAHAARABvAHcAbgBsAG8AYQBkAFUAcgBsACAAPQAgACcAaAB0AHQAcABzADoALwAvAGcAaQB0AGgAdQBiAC4AYwBvAG0ALwBtAHYAZQBsAGEAegBjADAALwBQAHUAcgBwAGwAZQBTAGgAYQByAHAALwByAGUAbABlAGEAcwBlAHMALwBkAG8AdwBuAGwAbwBhAGQALwAnACAAKwAgACQAdABhAGcAIAArACAAJwAvAFAAdQByAHAAbABlAFMAaABhAHIAcABfAHgANgA0AC4AZQB4AGUAJwAKAEkAZgAgACgALQBuAG8AdAAgACgAVABlAHMAdAAtAFAAYQB0AGgAIABjADoAXABUAG8AbwBsAHMAXABQAHUAcgBwAGwAZQBTAGgAYQByAHAAXABQAHUAcgBwAGwAZQBTAGgAYQByAHAALgBlAHgAZQApACkAIAB7ACAASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAALQBVAHIAaQAgACQAcAB1AHIAcABsAGUAcwBoAGEAcgBwAEQAbwB3AG4AbABvAGEAZABVAHIAbAAgAC0ATwB1AHQARgBpAGwAZQAgAGMAOgBcAFQAbwBvAGwAcwBcAFAAdQByAHAAbABlAFMAaABhAHIAcABcAFAAdQByAHAAbABlAFMAaABhAHIAcAAuAGUAeABlACAAfQA=C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F587-65EE-417C-0F0000000000}0xf7c410HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F587-65EE-7F01-000000005403}4140C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==ATTACKRANGE\Administrator 154100x80000000000000002846Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:14:00.387{C36AC009-F588-65EE-8201-000000005403}856C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RES5844.tmp" "c:\Users\Administrator\AppData\Local\Temp\CSC452B10233E894D7ABD4C2FF6E73D7AA8.TMP"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F587-65EE-417C-0F0000000000}0xf7c410HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{C36AC009-F588-65EE-8101-000000005403}4336C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\k3cau0le.cmdline"ATTACKRANGE\Administrator 154100x80000000000000002845Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:14:00.308{C36AC009-F588-65EE-8101-000000005403}4336C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\k3cau0le.cmdline"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F587-65EE-417C-0F0000000000}0xf7c410HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{C36AC009-F587-65EE-7F01-000000005403}4140C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==ATTACKRANGE\Administrator 154100x80000000000000002842Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:59.593{C36AC009-F587-65EE-8001-000000005403}944C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationCHCP.COM"C:\Windows\system32\chcp.com" 65001C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F587-65EE-417C-0F0000000000}0xf7c410HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{C36AC009-F587-65EE-7F01-000000005403}4140C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==ATTACKRANGE\Administrator 154100x80000000000000002840Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:59.476{C36AC009-F587-65EE-7F01-000000005403}4140C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F587-65EE-417C-0F0000000000}0xf7c410HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F587-65EE-7E01-000000005403}4268C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002838Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:59.366{C36AC009-F587-65EE-7E01-000000005403}4268C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F587-65EE-417C-0F0000000000}0xf7c410HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F587-65EE-7D01-000000005403}3864C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002837Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:59.361{C36AC009-F587-65EE-7D01-000000005403}3864C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F587-65EE-417C-0F0000000000}0xf7c410HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F587-65EE-7B01-000000005403}3784C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002836Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:59.137{C36AC009-F587-65EE-7B01-000000005403}3784C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{C36AC009-F587-65EE-417C-0F0000000000}0xf7c410HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F3EE-65EE-0C00-000000005403}868C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x80000000000000002834Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:58.112{C36AC009-F586-65EE-7A01-000000005403}4300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcAGEAbgBzAGkAYgBsAGUALQB0AG0AcAAtADEANwAxADAAMQA1ADkAMgAzADUALgAxADcAMgAwADIAMQAtADIAMAAwADkAMgAtADEAMwA2ADMANQA5ADMAMAAyADUAMAAzADUAOAA3AFwALgAnACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F581-65EE-3EF5-0E0000000000}0xef53e0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F586-65EE-7901-000000005403}4308C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBuAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAHAAQQBIAE0AQQBkAEEAQgB5AEEARwBFAEEAZABBAEIAdgBBAEgASQBBAFgAQQBCAEIAQQBIAEEAQQBjAEEAQgBFAEEARwBFAEEAZABBAEIAaABBAEYAdwBBAFQAQQBCAHYAQQBHAE0AQQBZAFEAQgBzAEEARgB3AEEAVgBBAEIAbABBAEcAMABBAGMAQQBCAGMAQQBHAEUAQQBiAGcAQgB6AEEARwBrAEEAWQBnAEIAcwBBAEcAVQBBAEwAUQBCADAAQQBHADAAQQBjAEEAQQB0AEEARABFAEEATgB3AEEAeABBAEQAQQBBAE0AUQBBADEAQQBEAGsAQQBNAGcAQQB6AEEARABVAEEATABnAEEAeABBAEQAYwBBAE0AZwBBAHcAQQBEAEkAQQBNAFEAQQB0AEEARABJAEEATQBBAEEAdwBBAEQAawBBAE0AZwBBAHQAQQBEAEUAQQBNAHcAQQAyAEEARABNAEEATgBRAEEANQBBAEQATQBBAE0AQQBBAHkAQQBEAFUAQQBNAEEAQQB6AEEARABVAEEATwBBAEEAMwBBAEYAdwBBAEwAZwBBAG4AQQBDAEEAQQBMAFEAQgBHAEEARwA4AEEAYwBnAEIAagBBAEcAVQBBAEkAQQBBAHQAQQBGAEkAQQBaAFEAQgBqAEEASABVAEEAYwBnAEIAegBBAEcAVQBBAE8AdwBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0AATTACKRANGE\Administrator 154100x80000000000000002832Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:58.002{C36AC009-F586-65EE-7901-000000005403}4308C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBuAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAHAAQQBIAE0AQQBkAEEAQgB5AEEARwBFAEEAZABBAEIAdgBBAEgASQBBAFgAQQBCAEIAQQBIAEEAQQBjAEEAQgBFAEEARwBFAEEAZABBAEIAaABBAEYAdwBBAFQAQQBCAHYAQQBHAE0AQQBZAFEAQgBzAEEARgB3AEEAVgBBAEIAbABBAEcAMABBAGMAQQBCAGMAQQBHAEUAQQBiAGcAQgB6AEEARwBrAEEAWQBnAEIAcwBBAEcAVQBBAEwAUQBCADAAQQBHADAAQQBjAEEAQQB0AEEARABFAEEATgB3AEEAeABBAEQAQQBBAE0AUQBBADEAQQBEAGsAQQBNAGcAQQB6AEEARABVAEEATABnAEEAeABBAEQAYwBBAE0AZwBBAHcAQQBEAEkAQQBNAFEAQQB0AEEARABJAEEATQBBAEEAdwBBAEQAawBBAE0AZwBBAHQAQQBEAEUAQQBNAHcAQQAyAEEARABNAEEATgBRAEEANQBBAEQATQBBAE0AQQBBAHkAQQBEAFUAQQBNAEEAQQB6AEEARABVAEEATwBBAEEAMwBBAEYAdwBBAEwAZwBBAG4AQQBDAEEAQQBMAFEAQgBHAEEARwA4AEEAYwBnAEIAagBBAEcAVQBBAEkAQQBBAHQAQQBGAEkAQQBaAFEAQgBqAEEASABVAEEAYwBnAEIAegBBAEcAVQBBAE8AdwBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F581-65EE-3EF5-0E0000000000}0xef53e0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F585-65EE-7801-000000005403}4924C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBuAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAHAAQQBIAE0AQQBkAEEAQgB5AEEARwBFAEEAZABBAEIAdgBBAEgASQBBAFgAQQBCAEIAQQBIAEEAQQBjAEEAQgBFAEEARwBFAEEAZABBAEIAaABBAEYAdwBBAFQAQQBCAHYAQQBHAE0AQQBZAFEAQgBzAEEARgB3AEEAVgBBAEIAbABBAEcAMABBAGMAQQBCAGMAQQBHAEUAQQBiAGcAQgB6AEEARwBrAEEAWQBnAEIAcwBBAEcAVQBBAEwAUQBCADAAQQBHADAAQQBjAEEAQQB0AEEARABFAEEATgB3AEEAeABBAEQAQQBBAE0AUQBBADEAQQBEAGsAQQBNAGcAQQB6AEEARABVAEEATABnAEEAeABBAEQAYwBBAE0AZwBBAHcAQQBEAEkAQQBNAFEAQQB0AEEARABJAEEATQBBAEEAdwBBAEQAawBBAE0AZwBBAHQAQQBEAEUAQQBNAHcAQQAyAEEARABNAEEATgBRAEEANQBBAEQATQBBAE0AQQBBAHkAQQBEAFUAQQBNAEEAQQB6AEEARABVAEEATwBBAEEAMwBBAEYAdwBBAEwAZwBBAG4AQQBDAEEAQQBMAFEAQgBHAEEARwA4AEEAYwBnAEIAagBBAEcAVQBBAEkAQQBBAHQAQQBGAEkAQQBaAFEAQgBqAEEASABVAEEAYwBnAEIAegBBAEcAVQBBAE8AdwBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0AATTACKRANGE\Administrator 154100x80000000000000002831Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:57.998{C36AC009-F585-65EE-7801-000000005403}4924C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBuAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAHAAQQBIAE0AQQBkAEEAQgB5AEEARwBFAEEAZABBAEIAdgBBAEgASQBBAFgAQQBCAEIAQQBIAEEAQQBjAEEAQgBFAEEARwBFAEEAZABBAEIAaABBAEYAdwBBAFQAQQBCAHYAQQBHAE0AQQBZAFEAQgBzAEEARgB3AEEAVgBBAEIAbABBAEcAMABBAGMAQQBCAGMAQQBHAEUAQQBiAGcAQgB6AEEARwBrAEEAWQBnAEIAcwBBAEcAVQBBAEwAUQBCADAAQQBHADAAQQBjAEEAQQB0AEEARABFAEEATgB3AEEAeABBAEQAQQBBAE0AUQBBADEAQQBEAGsAQQBNAGcAQQB6AEEARABVAEEATABnAEEAeABBAEQAYwBBAE0AZwBBAHcAQQBEAEkAQQBNAFEAQQB0AEEARABJAEEATQBBAEEAdwBBAEQAawBBAE0AZwBBAHQAQQBEAEUAQQBNAHcAQQAyAEEARABNAEEATgBRAEEANQBBAEQATQBBAE0AQQBBAHkAQQBEAFUAQQBNAEEAQQB6AEEARABVAEEATwBBAEEAMwBBAEYAdwBBAEwAZwBBAG4AQQBDAEEAQQBMAFEAQgBHAEEARwA4AEEAYwBnAEIAagBBAEcAVQBBAEkAQQBBAHQAQQBGAEkAQQBaAFEAQgBqAEEASABVAEEAYwBnAEIAegBBAEcAVQBBAE8AdwBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F581-65EE-3EF5-0E0000000000}0xef53e0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F581-65EE-6901-000000005403}3820C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002829Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:57.108{C36AC009-F585-65EE-7701-000000005403}4904C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationCHCP.COM"C:\Windows\system32\chcp.com" 65001C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F581-65EE-3EF5-0E0000000000}0xef53e0HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{C36AC009-F584-65EE-7601-000000005403}588C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==ATTACKRANGE\Administrator 154100x80000000000000002827Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:56.990{C36AC009-F584-65EE-7601-000000005403}588C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F581-65EE-3EF5-0E0000000000}0xef53e0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F584-65EE-7501-000000005403}3616C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002825Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:56.880{C36AC009-F584-65EE-7501-000000005403}3616C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F581-65EE-3EF5-0E0000000000}0xef53e0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F584-65EE-7401-000000005403}4264C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002824Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:56.875{C36AC009-F584-65EE-7401-000000005403}4264C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F581-65EE-3EF5-0E0000000000}0xef53e0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F581-65EE-6901-000000005403}3820C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002822Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:56.080{C36AC009-F584-65EE-7301-000000005403}4888C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcAGEAbgBzAGkAYgBsAGUALQB0AG0AcAAtADEANwAxADAAMQA1ADkAMgAzADUALgAxADcAMgAwADIAMQAtADIAMAAwADkAMgAtADEAMwA2ADMANQA5ADMAMAAyADUAMAAzADUAOAA3AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F581-65EE-3EF5-0E0000000000}0xef53e0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F584-65EE-7201-000000005403}996C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcAGEAbgBzAGkAYgBsAGUALQB0AG0AcAAtADEANwAxADAAMQA1ADkAMgAzADUALgAxADcAMgAwADIAMQAtADIAMAAwADkAMgAtADEAMwA2ADMANQA5ADMAMAAyADUAMAAzADUAOAA3AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=ATTACKRANGE\Administrator 154100x80000000000000002821Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:56.076{C36AC009-F584-65EE-7201-000000005403}996C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcAGEAbgBzAGkAYgBsAGUALQB0AG0AcAAtADEANwAxADAAMQA1ADkAMgAzADUALgAxADcAMgAwADIAMQAtADIAMAAwADkAMgAtADEAMwA2ADMANQA5ADMAMAAyADUAMAAzADUAOAA3AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F581-65EE-3EF5-0E0000000000}0xef53e0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F581-65EE-6901-000000005403}3820C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002819Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:55.426{C36AC009-F583-65EE-7101-000000005403}3228C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADcAMQAwADEANQA5ADIAMwA1AC4AMQA3ADIAMAAyADEALQAyADAAMAA5ADIALQAxADMANgAzADUAOQAzADAAMgA1ADAAMwA1ADgANwAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F581-65EE-3EF5-0E0000000000}0xef53e0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F583-65EE-7001-000000005403}3876C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABjAEEATQBRAEEAdwBBAEQARQBBAE4AUQBBADUAQQBEAEkAQQBNAHcAQQAxAEEAQwA0AEEATQBRAEEAMwBBAEQASQBBAE0AQQBBAHkAQQBEAEUAQQBMAFEAQQB5AEEARABBAEEATQBBAEEANQBBAEQASQBBAEwAUQBBAHgAQQBEAE0AQQBOAGcAQQB6AEEARABVAEEATwBRAEEAegBBAEQAQQBBAE0AZwBBADEAQQBEAEEAQQBNAHcAQQAxAEEARABnAEEATgB3AEEAbgBBAEEAbwBBAFYAdwBCAHkAQQBHAGsAQQBkAEEAQgBsAEEAQwAwAEEAVAB3AEIAMQBBAEgAUQBBAGMAQQBCADEAQQBIAFEAQQBJAEEAQQB0AEEARQBrAEEAYgBnAEIAdwBBAEgAVQBBAGQAQQBCAFAAQQBHAEkAQQBhAGcAQgBsAEEARwBNAEEAZABBAEEAZwBBAEMAUQBBAGQAQQBCAHQAQQBIAEEAQQBMAGcAQgBHAEEASABVAEEAYgBBAEIAcwBBAEUANABBAFkAUQBCAHQAQQBHAFUAQQBDAGcAQgBKAEEARwBZAEEASQBBAEEAbwBBAEMAMABBAGIAZwBCAHYAQQBIAFEAQQBJAEEAQQBrAEEARAA4AEEASwBRAEEAZwBBAEgAcwBBAEkAQQBCAEoAQQBHAFkAQQBJAEEAQQBvAEEARQBjAEEAWgBRAEIAMABBAEMAMABBAFYAZwBCAGgAQQBIAEkAQQBhAFEAQgBoAEEARwBJAEEAYgBBAEIAbABBAEMAQQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQQB0AEEARQBVAEEAYwBnAEIAeQBBAEcAOABBAGMAZwBCAEIAQQBHAE0AQQBkAEEAQgBwAEEARwA4AEEAYgBnAEEAZwBBAEYATQBBAGEAUQBCAHMAQQBHAFUAQQBiAGcAQgAwAEEARwB3AEEAZQBRAEIARABBAEcAOABBAGIAZwBCADAAQQBHAGsAQQBiAGcAQgAxAEEARwBVAEEASwBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEASgBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBIADAAQQBJAEEAQgBGAEEARwB3AEEAYwB3AEIAbABBAEMAQQBBAGUAdwBBAGcAQQBHAFUAQQBlAEEAQgBwAEEASABRAEEASQBBAEEAeABBAEMAQQBBAGYAUQBBAGcAQQBIADAAQQA=ATTACKRANGE\Administrator 154100x80000000000000002817Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:55.314{C36AC009-F583-65EE-7001-000000005403}3876C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABjAEEATQBRAEEAdwBBAEQARQBBAE4AUQBBADUAQQBEAEkAQQBNAHcAQQAxAEEAQwA0AEEATQBRAEEAMwBBAEQASQBBAE0AQQBBAHkAQQBEAEUAQQBMAFEAQQB5AEEARABBAEEATQBBAEEANQBBAEQASQBBAEwAUQBBAHgAQQBEAE0AQQBOAGcAQQB6AEEARABVAEEATwBRAEEAegBBAEQAQQBBAE0AZwBBADEAQQBEAEEAQQBNAHcAQQAxAEEARABnAEEATgB3AEEAbgBBAEEAbwBBAFYAdwBCAHkAQQBHAGsAQQBkAEEAQgBsAEEAQwAwAEEAVAB3AEIAMQBBAEgAUQBBAGMAQQBCADEAQQBIAFEAQQBJAEEAQQB0AEEARQBrAEEAYgBnAEIAdwBBAEgAVQBBAGQAQQBCAFAAQQBHAEkAQQBhAGcAQgBsAEEARwBNAEEAZABBAEEAZwBBAEMAUQBBAGQAQQBCAHQAQQBIAEEAQQBMAGcAQgBHAEEASABVAEEAYgBBAEIAcwBBAEUANABBAFkAUQBCAHQAQQBHAFUAQQBDAGcAQgBKAEEARwBZAEEASQBBAEEAbwBBAEMAMABBAGIAZwBCAHYAQQBIAFEAQQBJAEEAQQBrAEEARAA4AEEASwBRAEEAZwBBAEgAcwBBAEkAQQBCAEoAQQBHAFkAQQBJAEEAQQBvAEEARQBjAEEAWgBRAEIAMABBAEMAMABBAFYAZwBCAGgAQQBIAEkAQQBhAFEAQgBoAEEARwBJAEEAYgBBAEIAbABBAEMAQQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQQB0AEEARQBVAEEAYwBnAEIAeQBBAEcAOABBAGMAZwBCAEIAQQBHAE0AQQBkAEEAQgBwAEEARwA4AEEAYgBnAEEAZwBBAEYATQBBAGEAUQBCAHMAQQBHAFUAQQBiAGcAQgAwAEEARwB3AEEAZQBRAEIARABBAEcAOABBAGIAZwBCADAAQQBHAGsAQQBiAGcAQgAxAEEARwBVAEEASwBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEASgBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBIADAAQQBJAEEAQgBGAEEARwB3AEEAYwB3AEIAbABBAEMAQQBBAGUAdwBBAGcAQQBHAFUAQQBlAEEAQgBwAEEASABRAEEASQBBAEEAeABBAEMAQQBBAGYAUQBBAGcAQQBIADAAQQA=C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F581-65EE-3EF5-0E0000000000}0xef53e0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F583-65EE-6F01-000000005403}4312C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABjAEEATQBRAEEAdwBBAEQARQBBAE4AUQBBADUAQQBEAEkAQQBNAHcAQQAxAEEAQwA0AEEATQBRAEEAMwBBAEQASQBBAE0AQQBBAHkAQQBEAEUAQQBMAFEAQQB5AEEARABBAEEATQBBAEEANQBBAEQASQBBAEwAUQBBAHgAQQBEAE0AQQBOAGcAQQB6AEEARABVAEEATwBRAEEAegBBAEQAQQBBAE0AZwBBADEAQQBEAEEAQQBNAHcAQQAxAEEARABnAEEATgB3AEEAbgBBAEEAbwBBAFYAdwBCAHkAQQBHAGsAQQBkAEEAQgBsAEEAQwAwAEEAVAB3AEIAMQBBAEgAUQBBAGMAQQBCADEAQQBIAFEAQQBJAEEAQQB0AEEARQBrAEEAYgBnAEIAdwBBAEgAVQBBAGQAQQBCAFAAQQBHAEkAQQBhAGcAQgBsAEEARwBNAEEAZABBAEEAZwBBAEMAUQBBAGQAQQBCAHQAQQBIAEEAQQBMAGcAQgBHAEEASABVAEEAYgBBAEIAcwBBAEUANABBAFkAUQBCAHQAQQBHAFUAQQBDAGcAQgBKAEEARwBZAEEASQBBAEEAbwBBAEMAMABBAGIAZwBCAHYAQQBIAFEAQQBJAEEAQQBrAEEARAA4AEEASwBRAEEAZwBBAEgAcwBBAEkAQQBCAEoAQQBHAFkAQQBJAEEAQQBvAEEARQBjAEEAWgBRAEIAMABBAEMAMABBAFYAZwBCAGgAQQBIAEkAQQBhAFEAQgBoAEEARwBJAEEAYgBBAEIAbABBAEMAQQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQQB0AEEARQBVAEEAYwBnAEIAeQBBAEcAOABBAGMAZwBCAEIAQQBHAE0AQQBkAEEAQgBwAEEARwA4AEEAYgBnAEEAZwBBAEYATQBBAGEAUQBCAHMAQQBHAFUAQQBiAGcAQgAwAEEARwB3AEEAZQBRAEIARABBAEcAOABBAGIAZwBCADAAQQBHAGsAQQBiAGcAQgAxAEEARwBVAEEASwBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEASgBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBIADAAQQBJAEEAQgBGAEEARwB3AEEAYwB3AEIAbABBAEMAQQBBAGUAdwBBAGcAQQBHAFUAQQBlAEEAQgBwAEEASABRAEEASQBBAEEAeABBAEMAQQBBAGYAUQBBAGcAQQBIADAAQQA=ATTACKRANGE\Administrator 154100x80000000000000002816Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:55.310{C36AC009-F583-65EE-6F01-000000005403}4312C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABjAEEATQBRAEEAdwBBAEQARQBBAE4AUQBBADUAQQBEAEkAQQBNAHcAQQAxAEEAQwA0AEEATQBRAEEAMwBBAEQASQBBAE0AQQBBAHkAQQBEAEUAQQBMAFEAQQB5AEEARABBAEEATQBBAEEANQBBAEQASQBBAEwAUQBBAHgAQQBEAE0AQQBOAGcAQQB6AEEARABVAEEATwBRAEEAegBBAEQAQQBBAE0AZwBBADEAQQBEAEEAQQBNAHcAQQAxAEEARABnAEEATgB3AEEAbgBBAEEAbwBBAFYAdwBCAHkAQQBHAGsAQQBkAEEAQgBsAEEAQwAwAEEAVAB3AEIAMQBBAEgAUQBBAGMAQQBCADEAQQBIAFEAQQBJAEEAQQB0AEEARQBrAEEAYgBnAEIAdwBBAEgAVQBBAGQAQQBCAFAAQQBHAEkAQQBhAGcAQgBsAEEARwBNAEEAZABBAEEAZwBBAEMAUQBBAGQAQQBCAHQAQQBIAEEAQQBMAGcAQgBHAEEASABVAEEAYgBBAEIAcwBBAEUANABBAFkAUQBCAHQAQQBHAFUAQQBDAGcAQgBKAEEARwBZAEEASQBBAEEAbwBBAEMAMABBAGIAZwBCAHYAQQBIAFEAQQBJAEEAQQBrAEEARAA4AEEASwBRAEEAZwBBAEgAcwBBAEkAQQBCAEoAQQBHAFkAQQBJAEEAQQBvAEEARQBjAEEAWgBRAEIAMABBAEMAMABBAFYAZwBCAGgAQQBIAEkAQQBhAFEAQgBoAEEARwBJAEEAYgBBAEIAbABBAEMAQQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQQB0AEEARQBVAEEAYwBnAEIAeQBBAEcAOABBAGMAZwBCAEIAQQBHAE0AQQBkAEEAQgBwAEEARwA4AEEAYgBnAEEAZwBBAEYATQBBAGEAUQBCAHMAQQBHAFUAQQBiAGcAQgAwAEEARwB3AEEAZQBRAEIARABBAEcAOABBAGIAZwBCADAAQQBHAGsAQQBiAGcAQgAxAEEARwBVAEEASwBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEASgBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBIADAAQQBJAEEAQgBGAEEARwB3AEEAYwB3AEIAbABBAEMAQQBBAGUAdwBBAGcAQQBHAFUAQQBlAEEAQgBwAEEASABRAEEASQBBAEEAeABBAEMAQQBBAGYAUQBBAGcAQQBIADAAQQA=C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F581-65EE-3EF5-0E0000000000}0xef53e0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F581-65EE-6901-000000005403}3820C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002815Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:54.131{C36AC009-F582-65EE-6E01-000000005403}4468C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationCHCP.COM"C:\Windows\system32\chcp.com" 65001C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F581-65EE-3EF5-0E0000000000}0xef53e0HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{C36AC009-F582-65EE-6D01-000000005403}5080C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==ATTACKRANGE\Administrator 154100x80000000000000002813Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:54.015{C36AC009-F582-65EE-6D01-000000005403}5080C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F581-65EE-3EF5-0E0000000000}0xef53e0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F581-65EE-6C01-000000005403}5040C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002811Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:53.899{C36AC009-F581-65EE-6C01-000000005403}5040C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F581-65EE-3EF5-0E0000000000}0xef53e0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F581-65EE-6B01-000000005403}516C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002810Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:53.894{C36AC009-F581-65EE-6B01-000000005403}516C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F581-65EE-3EF5-0E0000000000}0xef53e0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F581-65EE-6901-000000005403}3820C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002809Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:53.671{C36AC009-F581-65EE-6901-000000005403}3820C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{C36AC009-F581-65EE-3EF5-0E0000000000}0xef53e0HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F3EE-65EE-0C00-000000005403}868C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x80000000000000002605Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:36.018{C36AC009-F570-65EE-6801-000000005403}504C:\Windows\System32\HOSTNAME.EXE10.0.14393.0 (rs1_release.160715-1616)Hostname APPMicrosoft® Windows® Operating SystemMicrosoft Corporationhostname.exe"C:\Windows\system32\HOSTNAME.EXE"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F567-65EE-22D7-0D0000000000}0xdd7220HighMD5=1088BA1BF7CDDFF61ECC51BC0C02FDEF,SHA256=B8DA5A3AE4371E63DFD2F468E29CC23AA6F98A6A357A67955996F8F61E58FBA1,IMPHASH=D210D728CB9D45B4D1827BCE52F7EC6E{C36AC009-F569-65EE-6201-000000005403}948C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAAIgBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAEkAbgB0AGUAcgBuAGUAdAAgAEUAeABwAGwAbwByAGUAcgBcAE0AYQBpAG4AIgAgAC0ATgBhAG0AZQAgACIARABpAHMAYQBiAGwAZQBGAGkAcgBzAHQAUgB1AG4AQwB1AHMAdABvAG0AaQB6AGUAIgAgAC0AVgBhAGwAdQBlACAAMgAKAEkARQBYACAAKABJAFcAUgAgAGgAdAB0AHAAcwA6AC8ALwByAGEAdwAuAGcAaQB0AGgAdQBiAHUAcwBlAHIAYwBvAG4AdABlAG4AdAAuAGMAbwBtAC8AcgBlAGQAYwBhAG4AYQByAHkAYwBvAC8AaQBuAHYAbwBrAGUALQBhAHQAbwBtAGkAYwByAGUAZAB0AGUAYQBtAC8AbQBhAHMAdABlAHIALwBpAG4AcwB0AGEAbABsAC0AYQB0AG8AbQBpAGMAcgBlAGQAdABlAGEAbQAuAHAAcwAxACkACgBJAG4AcwB0AGEAbABsAC0AQQB0AG8AbQBpAGMAUgBlAGQAVABlAGEAbQAgAC0ARgBvAHIAYwBlAAoASQBFAFgAIAAoAEkAVwBSACAAJwBoAHQAdABwAHMAOgAvAC8AcgBhAHcALgBnAGkAdABoAHUAYgB1AHMAZQByAGMAbwBuAHQAZQBuAHQALgBjAG8AbQAvAHIAZQBkAGMAYQBuAGEAcgB5AGMAbwAvAGkAbgB2AG8AawBlAC0AYQB0AG8AbQBpAGMAcgBlAGQAdABlAGEAbQAvAG0AYQBzAHQAZQByAC8AaQBuAHMAdABhAGwAbAAtAGEAdABvAG0AaQBjAHMAZgBvAGwAZABlAHIALgBwAHMAMQAnACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwApAAoASQBuAHMAdABhAGwAbAAtAEEAdABvAG0AaQBjAHMARgBvAGwAZABlAHIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAHAAbwBPAHcAbgBlAHIAIAAiAHIAZQBkAGMAYQBuAGEAcgB5AGMAbwAiACAALQBCAHIAYQBuAGMAaAAgACIAbQBhAHMAdABlAHIAIgA=ATTACKRANGE\Administrator 154100x80000000000000002604Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:35.949{C36AC009-F56F-65EE-6701-000000005403}4576C:\Windows\System32\HOSTNAME.EXE10.0.14393.0 (rs1_release.160715-1616)Hostname APPMicrosoft® Windows® Operating SystemMicrosoft Corporationhostname.exe"C:\Windows\system32\HOSTNAME.EXE"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F567-65EE-22D7-0D0000000000}0xdd7220HighMD5=1088BA1BF7CDDFF61ECC51BC0C02FDEF,SHA256=B8DA5A3AE4371E63DFD2F468E29CC23AA6F98A6A357A67955996F8F61E58FBA1,IMPHASH=D210D728CB9D45B4D1827BCE52F7EC6E{C36AC009-F569-65EE-6201-000000005403}948C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAAIgBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAEkAbgB0AGUAcgBuAGUAdAAgAEUAeABwAGwAbwByAGUAcgBcAE0AYQBpAG4AIgAgAC0ATgBhAG0AZQAgACIARABpAHMAYQBiAGwAZQBGAGkAcgBzAHQAUgB1AG4AQwB1AHMAdABvAG0AaQB6AGUAIgAgAC0AVgBhAGwAdQBlACAAMgAKAEkARQBYACAAKABJAFcAUgAgAGgAdAB0AHAAcwA6AC8ALwByAGEAdwAuAGcAaQB0AGgAdQBiAHUAcwBlAHIAYwBvAG4AdABlAG4AdAAuAGMAbwBtAC8AcgBlAGQAYwBhAG4AYQByAHkAYwBvAC8AaQBuAHYAbwBrAGUALQBhAHQAbwBtAGkAYwByAGUAZAB0AGUAYQBtAC8AbQBhAHMAdABlAHIALwBpAG4AcwB0AGEAbABsAC0AYQB0AG8AbQBpAGMAcgBlAGQAdABlAGEAbQAuAHAAcwAxACkACgBJAG4AcwB0AGEAbABsAC0AQQB0AG8AbQBpAGMAUgBlAGQAVABlAGEAbQAgAC0ARgBvAHIAYwBlAAoASQBFAFgAIAAoAEkAVwBSACAAJwBoAHQAdABwAHMAOgAvAC8AcgBhAHcALgBnAGkAdABoAHUAYgB1AHMAZQByAGMAbwBuAHQAZQBuAHQALgBjAG8AbQAvAHIAZQBkAGMAYQBuAGEAcgB5AGMAbwAvAGkAbgB2AG8AawBlAC0AYQB0AG8AbQBpAGMAcgBlAGQAdABlAGEAbQAvAG0AYQBzAHQAZQByAC8AaQBuAHMAdABhAGwAbAAtAGEAdABvAG0AaQBjAHMAZgBvAGwAZABlAHIALgBwAHMAMQAnACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwApAAoASQBuAHMAdABhAGwAbAAtAEEAdABvAG0AaQBjAHMARgBvAGwAZABlAHIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAHAAbwBPAHcAbgBlAHIAIAAiAHIAZQBkAGMAYQBuAGEAcgB5AGMAbwAiACAALQBCAHIAYQBuAGMAaAAgACIAbQBhAHMAdABlAHIAIgA=ATTACKRANGE\Administrator 154100x80000000000000002599Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:35.913{C36AC009-F56F-65EE-6601-000000005403}4380C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RESF8AF.tmp" "c:\Users\Administrator\AppData\Local\Temp\we3bhyfp\CSC55BE251B337D48AC9B6095E16257BA3.TMP"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F567-65EE-22D7-0D0000000000}0xdd7220HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{C36AC009-F56F-65EE-6501-000000005403}4876C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\we3bhyfp\we3bhyfp.cmdline"ATTACKRANGE\Administrator 154100x80000000000000002598Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:35.856{C36AC009-F56F-65EE-6501-000000005403}4876C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\we3bhyfp\we3bhyfp.cmdline"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F567-65EE-22D7-0D0000000000}0xdd7220HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{C36AC009-F569-65EE-6201-000000005403}948C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAAIgBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAEkAbgB0AGUAcgBuAGUAdAAgAEUAeABwAGwAbwByAGUAcgBcAE0AYQBpAG4AIgAgAC0ATgBhAG0AZQAgACIARABpAHMAYQBiAGwAZQBGAGkAcgBzAHQAUgB1AG4AQwB1AHMAdABvAG0AaQB6AGUAIgAgAC0AVgBhAGwAdQBlACAAMgAKAEkARQBYACAAKABJAFcAUgAgAGgAdAB0AHAAcwA6AC8ALwByAGEAdwAuAGcAaQB0AGgAdQBiAHUAcwBlAHIAYwBvAG4AdABlAG4AdAAuAGMAbwBtAC8AcgBlAGQAYwBhAG4AYQByAHkAYwBvAC8AaQBuAHYAbwBrAGUALQBhAHQAbwBtAGkAYwByAGUAZAB0AGUAYQBtAC8AbQBhAHMAdABlAHIALwBpAG4AcwB0AGEAbABsAC0AYQB0AG8AbQBpAGMAcgBlAGQAdABlAGEAbQAuAHAAcwAxACkACgBJAG4AcwB0AGEAbABsAC0AQQB0AG8AbQBpAGMAUgBlAGQAVABlAGEAbQAgAC0ARgBvAHIAYwBlAAoASQBFAFgAIAAoAEkAVwBSACAAJwBoAHQAdABwAHMAOgAvAC8AcgBhAHcALgBnAGkAdABoAHUAYgB1AHMAZQByAGMAbwBuAHQAZQBuAHQALgBjAG8AbQAvAHIAZQBkAGMAYQBuAGEAcgB5AGMAbwAvAGkAbgB2AG8AawBlAC0AYQB0AG8AbQBpAGMAcgBlAGQAdABlAGEAbQAvAG0AYQBzAHQAZQByAC8AaQBuAHMAdABhAGwAbAAtAGEAdABvAG0AaQBjAHMAZgBvAGwAZABlAHIALgBwAHMAMQAnACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwApAAoASQBuAHMAdABhAGwAbAAtAEEAdABvAG0AaQBjAHMARgBvAGwAZABlAHIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAHAAbwBPAHcAbgBlAHIAIAAiAHIAZQBkAGMAYQBuAGEAcgB5AGMAbwAiACAALQBCAHIAYQBuAGMAaAAgACIAbQBhAHMAdABlAHIAIgA=ATTACKRANGE\Administrator 154100x80000000000000002559Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:30.719{C36AC009-F56A-65EE-6401-000000005403}4212C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RESE46C.tmp" "c:\Users\Administrator\AppData\Local\Temp\05cqd2io\CSCE7A5B739F4594918BBADF78713C02B9D.TMP"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F567-65EE-22D7-0D0000000000}0xdd7220HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{C36AC009-F56A-65EE-6301-000000005403}3352C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\05cqd2io\05cqd2io.cmdline"ATTACKRANGE\Administrator 154100x80000000000000002558Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:30.655{C36AC009-F56A-65EE-6301-000000005403}3352C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\05cqd2io\05cqd2io.cmdline"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F567-65EE-22D7-0D0000000000}0xdd7220HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{C36AC009-F569-65EE-6201-000000005403}948C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAAIgBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAEkAbgB0AGUAcgBuAGUAdAAgAEUAeABwAGwAbwByAGUAcgBcAE0AYQBpAG4AIgAgAC0ATgBhAG0AZQAgACIARABpAHMAYQBiAGwAZQBGAGkAcgBzAHQAUgB1AG4AQwB1AHMAdABvAG0AaQB6AGUAIgAgAC0AVgBhAGwAdQBlACAAMgAKAEkARQBYACAAKABJAFcAUgAgAGgAdAB0AHAAcwA6AC8ALwByAGEAdwAuAGcAaQB0AGgAdQBiAHUAcwBlAHIAYwBvAG4AdABlAG4AdAAuAGMAbwBtAC8AcgBlAGQAYwBhAG4AYQByAHkAYwBvAC8AaQBuAHYAbwBrAGUALQBhAHQAbwBtAGkAYwByAGUAZAB0AGUAYQBtAC8AbQBhAHMAdABlAHIALwBpAG4AcwB0AGEAbABsAC0AYQB0AG8AbQBpAGMAcgBlAGQAdABlAGEAbQAuAHAAcwAxACkACgBJAG4AcwB0AGEAbABsAC0AQQB0AG8AbQBpAGMAUgBlAGQAVABlAGEAbQAgAC0ARgBvAHIAYwBlAAoASQBFAFgAIAAoAEkAVwBSACAAJwBoAHQAdABwAHMAOgAvAC8AcgBhAHcALgBnAGkAdABoAHUAYgB1AHMAZQByAGMAbwBuAHQAZQBuAHQALgBjAG8AbQAvAHIAZQBkAGMAYQBuAGEAcgB5AGMAbwAvAGkAbgB2AG8AawBlAC0AYQB0AG8AbQBpAGMAcgBlAGQAdABlAGEAbQAvAG0AYQBzAHQAZQByAC8AaQBuAHMAdABhAGwAbAAtAGEAdABvAG0AaQBjAHMAZgBvAGwAZABlAHIALgBwAHMAMQAnACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwApAAoASQBuAHMAdABhAGwAbAAtAEEAdABvAG0AaQBjAHMARgBvAGwAZABlAHIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAHAAbwBPAHcAbgBlAHIAIAAiAHIAZQBkAGMAYQBuAGEAcgB5AGMAbwAiACAALQBCAHIAYQBuAGMAaAAgACIAbQBhAHMAdABlAHIAIgA=ATTACKRANGE\Administrator 154100x80000000000000002527Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:29.052{C36AC009-F569-65EE-6201-000000005403}948C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"powershell.exe" -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAALQBQAGEAdABoACAAIgBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAEkAbgB0AGUAcgBuAGUAdAAgAEUAeABwAGwAbwByAGUAcgBcAE0AYQBpAG4AIgAgAC0ATgBhAG0AZQAgACIARABpAHMAYQBiAGwAZQBGAGkAcgBzAHQAUgB1AG4AQwB1AHMAdABvAG0AaQB6AGUAIgAgAC0AVgBhAGwAdQBlACAAMgAKAEkARQBYACAAKABJAFcAUgAgAGgAdAB0AHAAcwA6AC8ALwByAGEAdwAuAGcAaQB0AGgAdQBiAHUAcwBlAHIAYwBvAG4AdABlAG4AdAAuAGMAbwBtAC8AcgBlAGQAYwBhAG4AYQByAHkAYwBvAC8AaQBuAHYAbwBrAGUALQBhAHQAbwBtAGkAYwByAGUAZAB0AGUAYQBtAC8AbQBhAHMAdABlAHIALwBpAG4AcwB0AGEAbABsAC0AYQB0AG8AbQBpAGMAcgBlAGQAdABlAGEAbQAuAHAAcwAxACkACgBJAG4AcwB0AGEAbABsAC0AQQB0AG8AbQBpAGMAUgBlAGQAVABlAGEAbQAgAC0ARgBvAHIAYwBlAAoASQBFAFgAIAAoAEkAVwBSACAAJwBoAHQAdABwAHMAOgAvAC8AcgBhAHcALgBnAGkAdABoAHUAYgB1AHMAZQByAGMAbwBuAHQAZQBuAHQALgBjAG8AbQAvAHIAZQBkAGMAYQBuAGEAcgB5AGMAbwAvAGkAbgB2AG8AawBlAC0AYQB0AG8AbQBpAGMAcgBlAGQAdABlAGEAbQAvAG0AYQBzAHQAZQByAC8AaQBuAHMAdABhAGwAbAAtAGEAdABvAG0AaQBjAHMAZgBvAGwAZABlAHIALgBwAHMAMQAnACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwApAAoASQBuAHMAdABhAGwAbAAtAEEAdABvAG0AaQBjAHMARgBvAGwAZABlAHIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAHAAbwBPAHcAbgBlAHIAIAAiAHIAZQBkAGMAYQBuAGEAcgB5AGMAbwAiACAALQBCAHIAYQBuAGMAaAAgACIAbQBhAHMAdABlAHIAIgA=C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F567-65EE-22D7-0D0000000000}0xdd7220HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F567-65EE-5E01-000000005403}4332C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==ATTACKRANGE\Administrator 154100x80000000000000002525Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:28.856{C36AC009-F568-65EE-6101-000000005403}2624C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RESDD28.tmp" "c:\Users\Administrator\AppData\Local\Temp\CSCE12A413071AA49EB9634A7C39473FA44.TMP"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F567-65EE-22D7-0D0000000000}0xdd7220HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{C36AC009-F568-65EE-6001-000000005403}3752C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\w1vhoehe.cmdline"ATTACKRANGE\Administrator 154100x80000000000000002524Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:28.778{C36AC009-F568-65EE-6001-000000005403}3752C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\w1vhoehe.cmdline"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F567-65EE-22D7-0D0000000000}0xdd7220HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{C36AC009-F567-65EE-5E01-000000005403}4332C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==ATTACKRANGE\Administrator 154100x80000000000000002521Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:28.062{C36AC009-F568-65EE-5F01-000000005403}2808C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationCHCP.COM"C:\Windows\system32\chcp.com" 65001C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F567-65EE-22D7-0D0000000000}0xdd7220HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{C36AC009-F567-65EE-5E01-000000005403}4332C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==ATTACKRANGE\Administrator 154100x80000000000000002519Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:27.946{C36AC009-F567-65EE-5E01-000000005403}4332C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F567-65EE-22D7-0D0000000000}0xdd7220HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F567-65EE-5D01-000000005403}4524C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002517Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:27.833{C36AC009-F567-65EE-5D01-000000005403}4524C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F567-65EE-22D7-0D0000000000}0xdd7220HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F567-65EE-5C01-000000005403}2996C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002516Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:27.828{C36AC009-F567-65EE-5C01-000000005403}2996C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F567-65EE-22D7-0D0000000000}0xdd7220HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F567-65EE-5A01-000000005403}4668C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002515Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:27.606{C36AC009-F567-65EE-5A01-000000005403}4668C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{C36AC009-F567-65EE-22D7-0D0000000000}0xdd7220HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F3EE-65EE-0C00-000000005403}868C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x80000000000000002509Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:25.329{C36AC009-F565-65EE-5901-000000005403}4212C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RESCF5D.tmp" "c:\Users\Administrator\AppData\Local\Temp\vvnuuzwi\CSCE395DB7BEBF4072ACAC3FB875AB0AF.TMP"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F563-65EE-3973-0D0000000000}0xd73390HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{C36AC009-F565-65EE-5801-000000005403}4316C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\vvnuuzwi\vvnuuzwi.cmdline"ATTACKRANGE\Administrator 154100x80000000000000002508Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:25.266{C36AC009-F565-65EE-5801-000000005403}4316C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\vvnuuzwi\vvnuuzwi.cmdline"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F563-65EE-3973-0D0000000000}0xd73390HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{C36AC009-F564-65EE-5701-000000005403}484C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABJAG4AcwB0AGEAbABsAC0AUABhAGMAawBhAGcAZQBQAHIAbwB2AGkAZABlAHIAIAAtAE4AYQBtAGUAIABOAHUARwBlAHQAIAAtAE0AaQBuAGkAbQB1AG0AVgBlAHIAcwBpAG8AbgAgADIALgA4AC4ANQAuADIAMAAxACAALQBGAG8AcgBjAGUAATTACKRANGE\Administrator 154100x80000000000000002504Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:24.632{C36AC009-F564-65EE-5701-000000005403}484C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"powershell.exe" -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABJAG4AcwB0AGEAbABsAC0AUABhAGMAawBhAGcAZQBQAHIAbwB2AGkAZABlAHIAIAAtAE4AYQBtAGUAIABOAHUARwBlAHQAIAAtAE0AaQBuAGkAbQB1AG0AVgBlAHIAcwBpAG8AbgAgADIALgA4AC4ANQAuADIAMAAxACAALQBGAG8AcgBjAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F563-65EE-3973-0D0000000000}0xd73390HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F563-65EE-5301-000000005403}664C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==ATTACKRANGE\Administrator 154100x80000000000000002502Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:24.436{C36AC009-F564-65EE-5601-000000005403}4340C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RESCBE3.tmp" "c:\Users\Administrator\AppData\Local\Temp\CSCDFE677DDEE824F0885DC769CEECC3B94.TMP"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F563-65EE-3973-0D0000000000}0xd73390HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{C36AC009-F564-65EE-5501-000000005403}2492C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\dkjnfw3g.cmdline"ATTACKRANGE\Administrator 154100x80000000000000002501Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:24.357{C36AC009-F564-65EE-5501-000000005403}2492C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\dkjnfw3g.cmdline"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F563-65EE-3973-0D0000000000}0xd73390HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{C36AC009-F563-65EE-5301-000000005403}664C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==ATTACKRANGE\Administrator 154100x80000000000000002498Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:23.639{C36AC009-F563-65EE-5401-000000005403}4812C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationCHCP.COM"C:\Windows\system32\chcp.com" 65001C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F563-65EE-3973-0D0000000000}0xd73390HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{C36AC009-F563-65EE-5301-000000005403}664C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==ATTACKRANGE\Administrator 154100x80000000000000002496Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:23.522{C36AC009-F563-65EE-5301-000000005403}664C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F563-65EE-3973-0D0000000000}0xd73390HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F563-65EE-5201-000000005403}4300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002494Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:23.412{C36AC009-F563-65EE-5201-000000005403}4300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F563-65EE-3973-0D0000000000}0xd73390HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F563-65EE-5101-000000005403}3360C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002493Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:23.407{C36AC009-F563-65EE-5101-000000005403}3360C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F563-65EE-3973-0D0000000000}0xd73390HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F563-65EE-4F01-000000005403}4236C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002492Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:23.186{C36AC009-F563-65EE-4F01-000000005403}4236C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{C36AC009-F563-65EE-3973-0D0000000000}0xd73390HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F3EE-65EE-0C00-000000005403}868C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x80000000000000002485Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:02.532{C36AC009-F54E-65EE-4E01-000000005403}4264C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RES7650.tmp" "c:\Users\Administrator\AppData\Local\Temp\yajacqxv\CSCC291CDEF2F4695A4322A26ECB8217.TMP"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F54C-65EE-30D3-0B0000000000}0xbd3300HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{C36AC009-F54E-65EE-4D01-000000005403}2908C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\yajacqxv\yajacqxv.cmdline"ATTACKRANGE\Administrator 154100x80000000000000002484Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:02.425{C36AC009-F54E-65EE-4D01-000000005403}2908C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\yajacqxv\yajacqxv.cmdline"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F54C-65EE-30D3-0B0000000000}0xbd3300HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{C36AC009-F54D-65EE-4C01-000000005403}3084C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFAAYQBjAGsAYQBnAGUAUAByAG8AdgBpAGQAZQByACAALQBMAGkAcwB0AEEAdgBhAGkAbABhAGIAbABlAA==ATTACKRANGE\Administrator 154100x80000000000000002480Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:01.663{C36AC009-F54D-65EE-4C01-000000005403}3084C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"powershell.exe" -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFAAYQBjAGsAYQBnAGUAUAByAG8AdgBpAGQAZQByACAALQBMAGkAcwB0AEEAdgBhAGkAbABhAGIAbABlAA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F54C-65EE-30D3-0B0000000000}0xbd3300HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F54C-65EE-4801-000000005403}5008C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==ATTACKRANGE\Administrator 154100x80000000000000002478Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:01.468{C36AC009-F54D-65EE-4B01-000000005403}2196C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RES722A.tmp" "c:\Users\Administrator\AppData\Local\Temp\CSCA1F6CADACA254B6499ABC5914A1CBF38.TMP"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F54C-65EE-30D3-0B0000000000}0xbd3300HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{C36AC009-F54D-65EE-4A01-000000005403}2124C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\j4oga11v.cmdline"ATTACKRANGE\Administrator 154100x80000000000000002477Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:13:01.389{C36AC009-F54D-65EE-4A01-000000005403}2124C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\j4oga11v.cmdline"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F54C-65EE-30D3-0B0000000000}0xbd3300HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{C36AC009-F54C-65EE-4801-000000005403}5008C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==ATTACKRANGE\Administrator 154100x80000000000000002442Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:54.151{C36AC009-F546-65EE-3501-000000005403}356C:\Windows\System32\auditpol.exe10.0.14393.0 (rs1_release.160715-1616)Audit Policy ProgramMicrosoft® Windows® Operating SystemMicrosoft CorporationAUDITPOL.EXE"C:\Windows\system32\auditpol.exe" /set "/category:Account Logon" "/subcategory:Kerberos Service Ticket Operations" /success:enable /failure:enableC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F544-65EE-6449-0B0000000000}0xb49640HighMD5=3F7C7B2CE3E905ED4868DEBB640A5234,SHA256=91278DA04F3A40DA84CD151D3E69A4F39EEF82BD7F7F3A238DD5E3C224CAA33A,IMPHASH=6048C81F132A9B79A2DCA0299EC963FD{C36AC009-F545-65EE-3401-000000005403}1380C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABhAHUAZABpAHQAcABvAGwAIAAvAHMAZQB0ACAALwBjAGEAdABlAGcAbwByAHkAOgAiAEEAYwBjAG8AdQBuAHQAIABMAG8AZwBvAG4AIgAgAC8AcwB1AGIAYwBhAHQAZQBnAG8AcgB5ADoAIgBLAGUAcgBiAGUAcgBvAHMAIABTAGUAcgB2AGkAYwBlACAAVABpAGMAawBlAHQAIABPAHAAZQByAGEAdABpAG8AbgBzACIAIAAvAHMAdQBjAGMAZQBzAHMAOgBlAG4AYQBiAGwAZQAgAC8AZgBhAGkAbAB1AHIAZQA6AGUAbgBhAGIAbABlAA==ATTACKRANGE\Administrator 154100x80000000000000002440Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:53.984{C36AC009-F545-65EE-3401-000000005403}1380C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"powershell.exe" -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABhAHUAZABpAHQAcABvAGwAIAAvAHMAZQB0ACAALwBjAGEAdABlAGcAbwByAHkAOgAiAEEAYwBjAG8AdQBuAHQAIABMAG8AZwBvAG4AIgAgAC8AcwB1AGIAYwBhAHQAZQBnAG8AcgB5ADoAIgBLAGUAcgBiAGUAcgBvAHMAIABTAGUAcgB2AGkAYwBlACAAVABpAGMAawBlAHQAIABPAHAAZQByAGEAdABpAG8AbgBzACIAIAAvAHMAdQBjAGMAZQBzAHMAOgBlAG4AYQBiAGwAZQAgAC8AZgBhAGkAbAB1AHIAZQA6AGUAbgBhAGIAbABlAA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F544-65EE-6449-0B0000000000}0xb49640HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F544-65EE-3001-000000005403}2728C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==ATTACKRANGE\Administrator 154100x80000000000000002438Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:53.786{C36AC009-F545-65EE-3301-000000005403}4660C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RES5432.tmp" "c:\Users\Administrator\AppData\Local\Temp\CSCFA703EDC13CE4DE8A495A734C68CFAC0.TMP"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F544-65EE-6449-0B0000000000}0xb49640HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{C36AC009-F545-65EE-3201-000000005403}4328C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\verpw5bs.cmdline"ATTACKRANGE\Administrator 154100x80000000000000002437Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:53.707{C36AC009-F545-65EE-3201-000000005403}4328C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\verpw5bs.cmdline"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F544-65EE-6449-0B0000000000}0xb49640HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{C36AC009-F544-65EE-3001-000000005403}2728C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==ATTACKRANGE\Administrator 154100x80000000000000002434Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:52.999{C36AC009-F544-65EE-3101-000000005403}3152C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationCHCP.COM"C:\Windows\system32\chcp.com" 65001C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F544-65EE-6449-0B0000000000}0xb49640HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{C36AC009-F544-65EE-3001-000000005403}2728C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==ATTACKRANGE\Administrator 154100x80000000000000002432Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:52.881{C36AC009-F544-65EE-3001-000000005403}2728C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F544-65EE-6449-0B0000000000}0xb49640HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F544-65EE-2F01-000000005403}3648C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002430Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:52.764{C36AC009-F544-65EE-2F01-000000005403}3648C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F544-65EE-6449-0B0000000000}0xb49640HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F544-65EE-2E01-000000005403}5036C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002429Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:52.759{C36AC009-F544-65EE-2E01-000000005403}5036C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F544-65EE-6449-0B0000000000}0xb49640HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F544-65EE-2C01-000000005403}4472C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002428Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:52.536{C36AC009-F544-65EE-2C01-000000005403}4472C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{C36AC009-F544-65EE-6449-0B0000000000}0xb49640HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F3EE-65EE-0C00-000000005403}868C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x80000000000000002427Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:51.562{C36AC009-F543-65EE-2B01-000000005403}4020C:\Windows\System32\auditpol.exe10.0.14393.0 (rs1_release.160715-1616)Audit Policy ProgramMicrosoft® Windows® Operating SystemMicrosoft CorporationAUDITPOL.EXE"C:\Windows\system32\auditpol.exe" /set "/category:Account Logon" "/subcategory:Kerberos Authentication Service" /success:enable /failure:enableC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F541-65EE-D410-0B0000000000}0xb10d40HighMD5=3F7C7B2CE3E905ED4868DEBB640A5234,SHA256=91278DA04F3A40DA84CD151D3E69A4F39EEF82BD7F7F3A238DD5E3C224CAA33A,IMPHASH=6048C81F132A9B79A2DCA0299EC963FD{C36AC009-F543-65EE-2A01-000000005403}3356C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABhAHUAZABpAHQAcABvAGwAIAAvAHMAZQB0ACAALwBjAGEAdABlAGcAbwByAHkAOgAiAEEAYwBjAG8AdQBuAHQAIABMAG8AZwBvAG4AIgAgAC8AcwB1AGIAYwBhAHQAZQBnAG8AcgB5ADoAIgBLAGUAcgBiAGUAcgBvAHMAIABBAHUAdABoAGUAbgB0AGkAYwBhAHQAaQBvAG4AIABTAGUAcgB2AGkAYwBlACIAIAAvAHMAdQBjAGMAZQBzAHMAOgBlAG4AYQBiAGwAZQAgAC8AZgBhAGkAbAB1AHIAZQA6AGUAbgBhAGIAbABlAA==ATTACKRANGE\Administrator 154100x80000000000000002425Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:51.392{C36AC009-F543-65EE-2A01-000000005403}3356C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"powershell.exe" -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABhAHUAZABpAHQAcABvAGwAIAAvAHMAZQB0ACAALwBjAGEAdABlAGcAbwByAHkAOgAiAEEAYwBjAG8AdQBuAHQAIABMAG8AZwBvAG4AIgAgAC8AcwB1AGIAYwBhAHQAZQBnAG8AcgB5ADoAIgBLAGUAcgBiAGUAcgBvAHMAIABBAHUAdABoAGUAbgB0AGkAYwBhAHQAaQBvAG4AIABTAGUAcgB2AGkAYwBlACIAIAAvAHMAdQBjAGMAZQBzAHMAOgBlAG4AYQBiAGwAZQAgAC8AZgBhAGkAbAB1AHIAZQA6AGUAbgBhAGIAbABlAA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F541-65EE-D410-0B0000000000}0xb10d40HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F542-65EE-2601-000000005403}3820C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==ATTACKRANGE\Administrator 154100x80000000000000002423Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:51.192{C36AC009-F543-65EE-2901-000000005403}4244C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RES4A10.tmp" "c:\Users\Administrator\AppData\Local\Temp\CSC9A524027154140F992791A7CAAF539A6.TMP"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F541-65EE-D410-0B0000000000}0xb10d40HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{C36AC009-F543-65EE-2801-000000005403}4812C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\bv40jy4z.cmdline"ATTACKRANGE\Administrator 154100x80000000000000002422Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:51.112{C36AC009-F543-65EE-2801-000000005403}4812C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\bv40jy4z.cmdline"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F541-65EE-D410-0B0000000000}0xb10d40HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{C36AC009-F542-65EE-2601-000000005403}3820C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==ATTACKRANGE\Administrator 154100x80000000000000002419Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:50.387{C36AC009-F542-65EE-2701-000000005403}1124C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationCHCP.COM"C:\Windows\system32\chcp.com" 65001C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F541-65EE-D410-0B0000000000}0xb10d40HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{C36AC009-F542-65EE-2601-000000005403}3820C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==ATTACKRANGE\Administrator 154100x80000000000000002417Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:50.270{C36AC009-F542-65EE-2601-000000005403}3820C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F541-65EE-D410-0B0000000000}0xb10d40HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F542-65EE-2501-000000005403}4900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002415Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:50.159{C36AC009-F542-65EE-2501-000000005403}4900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F541-65EE-D410-0B0000000000}0xb10d40HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F542-65EE-2401-000000005403}4212C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002414Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:50.154{C36AC009-F542-65EE-2401-000000005403}4212C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F541-65EE-D410-0B0000000000}0xb10d40HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F541-65EE-2201-000000005403}2892C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002413Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:49.921{C36AC009-F541-65EE-2201-000000005403}2892C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{C36AC009-F541-65EE-D410-0B0000000000}0xb10d40HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F3EE-65EE-0C00-000000005403}868C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x80000000000000002411Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:48.945{C36AC009-F540-65EE-2101-000000005403}4964C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exe"C:\Windows\system32\reg.exe" add HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters /v LogLevel /t REG_DWORD /d 1C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F53F-65EE-4067-0A0000000000}0xa67400HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{C36AC009-F540-65EE-2001-000000005403}4284C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAByAGUAZwAgAGEAZABkACAASABLAEwATQBcAFMAWQBTAFQARQBNAFwAQwB1AHIAcgBlAG4AdABDAG8AbgB0AHIAbwBsAFMAZQB0AFwAQwBvAG4AdAByAG8AbABcAEwAcwBhAFwASwBlAHIAYgBlAHIAbwBzAFwAUABhAHIAYQBtAGUAdABlAHIAcwAgAC8AdgAgABwgTABvAGcATABlAHYAZQBsAB0gIAAvAHQAIABSAEUARwBfAEQAVwBPAFIARAAgAC8AZAAgADEAATTACKRANGE\Administrator 154100x80000000000000002409Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:48.778{C36AC009-F540-65EE-2001-000000005403}4284C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"powershell.exe" -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAByAGUAZwAgAGEAZABkACAASABLAEwATQBcAFMAWQBTAFQARQBNAFwAQwB1AHIAcgBlAG4AdABDAG8AbgB0AHIAbwBsAFMAZQB0AFwAQwBvAG4AdAByAG8AbABcAEwAcwBhAFwASwBlAHIAYgBlAHIAbwBzAFwAUABhAHIAYQBtAGUAdABlAHIAcwAgAC8AdgAgABwgTABvAGcATABlAHYAZQBsAB0gIAAvAHQAIABSAEUARwBfAEQAVwBPAFIARAAgAC8AZAAgADEAC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F53F-65EE-4067-0A0000000000}0xa67400HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F53F-65EE-1C01-000000005403}2904C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==ATTACKRANGE\Administrator 154100x80000000000000002407Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:48.564{C36AC009-F540-65EE-1F01-000000005403}3108C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RES3FCF.tmp" "c:\Users\Administrator\AppData\Local\Temp\CSCF0B68311E33146789D95122EBE83BDA.TMP"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F53F-65EE-4067-0A0000000000}0xa67400HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{C36AC009-F540-65EE-1E01-000000005403}892C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\rromckib.cmdline"ATTACKRANGE\Administrator 154100x80000000000000002406Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:48.482{C36AC009-F540-65EE-1E01-000000005403}892C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\rromckib.cmdline"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F53F-65EE-4067-0A0000000000}0xa67400HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{C36AC009-F53F-65EE-1C01-000000005403}2904C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==ATTACKRANGE\Administrator 154100x80000000000000002403Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:47.783{C36AC009-F53F-65EE-1D01-000000005403}2188C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationCHCP.COM"C:\Windows\system32\chcp.com" 65001C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F53F-65EE-4067-0A0000000000}0xa67400HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{C36AC009-F53F-65EE-1C01-000000005403}2904C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==ATTACKRANGE\Administrator 154100x80000000000000002401Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:47.661{C36AC009-F53F-65EE-1C01-000000005403}2904C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F53F-65EE-4067-0A0000000000}0xa67400HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F53F-65EE-1B01-000000005403}4820C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002399Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:47.535{C36AC009-F53F-65EE-1B01-000000005403}4820C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F53F-65EE-4067-0A0000000000}0xa67400HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F53F-65EE-1A01-000000005403}2668C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002398Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:47.530{C36AC009-F53F-65EE-1A01-000000005403}2668C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F53F-65EE-4067-0A0000000000}0xa67400HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F53F-65EE-1801-000000005403}372C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002397Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:47.305{C36AC009-F53F-65EE-1801-000000005403}372C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{C36AC009-F53F-65EE-4067-0A0000000000}0xa67400HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F3EE-65EE-0C00-000000005403}868C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x80000000000000002396Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:47.074{C36AC009-F53F-65EE-1601-000000005403}508C:\Windows\System32\VSSVC.exe10.0.14393.4350 (rs1_release.210407-2154)Microsoft® Volume Shadow Copy ServiceMicrosoft® Windows® Operating SystemMicrosoft CorporationVSSVC.EXEC:\Windows\system32\vssvc.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=C417EA0DC7EF39347AB3AFC6D9CE0A3C,SHA256=198E5F8976CB3643D7D0709793CD49F8565AEEAC7871389255C7560F497F99CB,IMPHASH=B933B302F069B1ED43D97EAA68CD7B05{C36AC009-F3EC-65EE-0A00-000000005403}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x80000000000000002392Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:45.354{C36AC009-F53D-65EE-1401-000000005403}996C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RES333C.tmp" "c:\Users\Administrator\AppData\Local\Temp\CSC3B2A692DAB54DB6AB82DD295AB65892.TMP"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F53B-65EE-5293-090000000000}0x993520HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{C36AC009-F53D-65EE-1301-000000005403}4604C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\kl3kuxso.cmdline"ATTACKRANGE\Administrator 154100x80000000000000002391Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:45.022{C36AC009-F53D-65EE-1301-000000005403}4604C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\kl3kuxso.cmdline"C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F53B-65EE-5293-090000000000}0x993520HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{C36AC009-F53B-65EE-0B01-000000005403}4380C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==ATTACKRANGE\Administrator 154100x80000000000000002388Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:44.751{C36AC009-F53C-65EE-1201-000000005403}4976C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.6700_none_7edb674a220f1eb8\TiWorker.exe10.0.14393.6700 (rs1_release.240108-1824)Windows Modules Installer WorkerMicrosoft® Windows® Operating SystemMicrosoft CorporationTiWorker.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.6700_none_7edb674a220f1eb8\TiWorker.exe -EmbeddingC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=46F4D66DA6DB12EC26A1CE860BD83208,SHA256=5E77061356B88BB2D661D66CB343A36ABF00D4E50F4A78DC6943046486B630ED,IMPHASH=38FF53C1CCC1EE4C508C0F83A88C4E19{C36AC009-F3EE-65EE-0C00-000000005403}868C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x80000000000000002387Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:44.721{C36AC009-F53C-65EE-1101-000000005403}5052C:\Windows\servicing\TrustedInstaller.exe10.0.14393.3564 (rs1_release.200303-1942)Windows Modules InstallerMicrosoft® Windows® Operating SystemMicrosoft CorporationTrustedInstaller.exeC:\Windows\servicing\TrustedInstaller.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=187076E4BC7B2F5FB7D54D1234B3CDEA,SHA256=7AE4CC64E2F0E5C58ABB6542233DA78B9AEAAD22C9D853AB96265EF3FBFEFABE,IMPHASH=648F735E453FC6802BFAECAC5ACA72A4{C36AC009-F3EC-65EE-0A00-000000005403}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x80000000000000002386Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:44.409{C36AC009-F53C-65EE-1001-000000005403}3788C:\Windows\Temp\9149D72B-1976-4DC8-8946-7B1110FDA7FB\DismHost.exe10.0.14393.4169 (rs1_release.210107-1130)Dism Host Servicing ProcessMicrosoft® Windows® Operating SystemMicrosoft CorporationDismHost.exeC:\Windows\TEMP\9149D72B-1976-4DC8-8946-7B1110FDA7FB\dismhost.exe {20AD6D91-A1E4-44AB-B3CB-5D14815DAF75}C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=A59C22B77871CC18970038B7FA43826F,SHA256=CB84B51713BAD689ABB96560E57A71B276D4B28B1C09C7116EE85F5782A1B144,IMPHASH=734010D3430DBD2CA51B599924FE1424{C36AC009-F53C-65EE-0D01-000000005403}5036C:\Windows\System32\Dism.exedism /online /enable-feature /featurename:File-Services /NoRestartNT AUTHORITY\SYSTEM 154100x80000000000000002265Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:44.113{C36AC009-F53C-65EE-0D01-000000005403}5036C:\Windows\System32\Dism.exe10.0.14393.4169 (rs1_release.210107-1130)Dism Image Servicing UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationDISM.EXEdism /online /enable-feature /featurename:File-Services /NoRestartC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=DD0DC0C490755CEA51413D940B31CF0C,SHA256=71C182B3550A7DCC61B56C2D7E363673574CD03000A5081C0A228D775ECAC133,IMPHASH=07D06C9BFC08891808D6DE5FCD00BC8A{C36AC009-F3F8-65EE-1C00-000000005403}2256C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k smbsvcsNT AUTHORITY\SYSTEM 154100x80000000000000002264Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:43.963{C36AC009-F53B-65EE-0C01-000000005403}2808C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationCHCP.COM"C:\Windows\system32\chcp.com" 65001C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F53B-65EE-5293-090000000000}0x993520HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{C36AC009-F53B-65EE-0B01-000000005403}4380C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==ATTACKRANGE\Administrator 154100x80000000000000002262Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:43.843{C36AC009-F53B-65EE-0B01-000000005403}4380C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F53B-65EE-5293-090000000000}0x993520HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F53B-65EE-0A01-000000005403}4672C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002260Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:43.731{C36AC009-F53B-65EE-0A01-000000005403}4672C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F53B-65EE-5293-090000000000}0x993520HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F53B-65EE-0901-000000005403}3452C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002259Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:43.726{C36AC009-F53B-65EE-0901-000000005403}3452C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F53B-65EE-5293-090000000000}0x993520HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F53B-65EE-0701-000000005403}4476C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002258Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:43.503{C36AC009-F53B-65EE-0701-000000005403}4476C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{C36AC009-F53B-65EE-5293-090000000000}0x993520HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F3EE-65EE-0C00-000000005403}868C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x80000000000000002254Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:42.377{C36AC009-F53A-65EE-0601-000000005403}2904C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBHAGUAdAAtAEkAdABlAG0AIAAtAEwAaQB0AGUAcgBhAGwAUABhAHQAaAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAVwBpAG4AbABvAGcAbwBuAFwAQQB1AHQAbwBMAG8AZwBvAG4AQwBoAGUAYwBrAGUAZAAnACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAHQAbwBwADsAIAAnAHMAdQBjAGMAZQBzAHMALQBjADgAMwBlADMAYQBkADkALQA3ADMAMAA2AC0ANAAyADgAOAAtADgAZgA1ADEALQBjADMAMwAyAGYANgA5AGQAYgAxADEAZgAnAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F53A-65EE-0501-000000005403}4844C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002252Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:42.261{C36AC009-F53A-65EE-0501-000000005403}4844C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F53A-65EE-0401-000000005403}4596C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002251Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:42.256{C36AC009-F53A-65EE-0401-000000005403}4596C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F41C-65EE-8600-000000005403}3332C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002250Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:40.206{C36AC009-F538-65EE-0301-000000005403}1300C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002249Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:39.378{C36AC009-F537-65EE-0201-000000005403}4760C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002248Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:38.488{C36AC009-F536-65EE-0101-000000005403}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002247Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:36.458{C36AC009-F534-65EE-0001-000000005403}668C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002246Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:35.681{C36AC009-F533-65EE-FF00-000000005403}4836C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe9.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=D4A01A34CB462A5ADD183B781180FE24,SHA256=CE12A30F916D7CCD57C024B6991DC4D5A80596B187E06FD3E34E0405D19D1714,IMPHASH=0B3917FB5306BF16B3F2D78E6FD4AC61{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002245Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:34.747{C36AC009-F532-65EE-FE00-000000005403}4952C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002243Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:28.997{C36AC009-F52C-65EE-FD00-000000005403}2980C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBHAGUAdAAtAEkAdABlAG0AIAAtAEwAaQB0AGUAcgBhAGwAUABhAHQAaAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAVwBpAG4AbABvAGcAbwBuAFwAQQB1AHQAbwBMAG8AZwBvAG4AQwBoAGUAYwBrAGUAZAAnACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAHQAbwBwADsAIAAnAHMAdQBjAGMAZQBzAHMALQBjADgAMwBlADMAYQBkADkALQA3ADMAMAA2AC0ANAAyADgAOAAtADgAZgA1ADEALQBjADMAMwAyAGYANgA5AGQAYgAxADEAZgAnAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F52C-65EE-FC00-000000005403}1268C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002241Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:28.883{C36AC009-F52C-65EE-FC00-000000005403}1268C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F52C-65EE-FB00-000000005403}2728C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002240Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:28.878{C36AC009-F52C-65EE-FB00-000000005403}2728C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F41C-65EE-8600-000000005403}3332C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002238Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:15.617{C36AC009-F51F-65EE-FA00-000000005403}4436C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBHAGUAdAAtAEkAdABlAG0AIAAtAEwAaQB0AGUAcgBhAGwAUABhAHQAaAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAVwBpAG4AbABvAGcAbwBuAFwAQQB1AHQAbwBMAG8AZwBvAG4AQwBoAGUAYwBrAGUAZAAnACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAHQAbwBwADsAIAAnAHMAdQBjAGMAZQBzAHMALQBjADgAMwBlADMAYQBkADkALQA3ADMAMAA2AC0ANAAyADgAOAAtADgAZgA1ADEALQBjADMAMwAyAGYANgA5AGQAYgAxADEAZgAnAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F51F-65EE-F900-000000005403}1872C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002236Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:15.503{C36AC009-F51F-65EE-F900-000000005403}1872C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F51F-65EE-F800-000000005403}4964C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002235Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:15.498{C36AC009-F51F-65EE-F800-000000005403}4964C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F41C-65EE-8600-000000005403}3332C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002233Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:01.990{C36AC009-F511-65EE-F500-000000005403}4676C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBHAGUAdAAtAEkAdABlAG0AIAAtAEwAaQB0AGUAcgBhAGwAUABhAHQAaAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAVwBpAG4AbABvAGcAbwBuAFwAQQB1AHQAbwBMAG8AZwBvAG4AQwBoAGUAYwBrAGUAZAAnACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAHQAbwBwADsAIAAnAHMAdQBjAGMAZQBzAHMALQBjADgAMwBlADMAYQBkADkALQA3ADMAMAA2AC0ANAAyADgAOAAtADgAZgA1ADEALQBjADMAMwAyAGYANgA5AGQAYgAxADEAZgAnAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F511-65EE-F400-000000005403}4708C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002231Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:01.874{C36AC009-F511-65EE-F400-000000005403}4708C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F511-65EE-F300-000000005403}4236C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002230Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:12:01.870{C36AC009-F511-65EE-F300-000000005403}4236C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F41C-65EE-8600-000000005403}3332C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002228Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:11:48.555{C36AC009-F504-65EE-F200-000000005403}4420C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBHAGUAdAAtAEkAdABlAG0AIAAtAEwAaQB0AGUAcgBhAGwAUABhAHQAaAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAVwBpAG4AbABvAGcAbwBuAFwAQQB1AHQAbwBMAG8AZwBvAG4AQwBoAGUAYwBrAGUAZAAnACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAHQAbwBwADsAIAAnAHMAdQBjAGMAZQBzAHMALQBjADgAMwBlADMAYQBkADkALQA3ADMAMAA2AC0ANAAyADgAOAAtADgAZgA1ADEALQBjADMAMwAyAGYANgA5AGQAYgAxADEAZgAnAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F504-65EE-F100-000000005403}4372C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002226Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:11:48.443{C36AC009-F504-65EE-F100-000000005403}4372C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F504-65EE-F000-000000005403}4352C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002225Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:11:48.438{C36AC009-F504-65EE-F000-000000005403}4352C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F41C-65EE-8600-000000005403}3332C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002224Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:11:40.192{C36AC009-F4FC-65EE-EF00-000000005403}4144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002223Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:11:39.348{C36AC009-F4FB-65EE-EE00-000000005403}308C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002222Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:11:38.474{C36AC009-F4FA-65EE-ED00-000000005403}2156C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002221Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:11:36.584{C36AC009-F4F8-65EE-EC00-000000005403}4880C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002207Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:11:35.662{C36AC009-F4F7-65EE-EB00-000000005403}4804C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe9.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=D4A01A34CB462A5ADD183B781180FE24,SHA256=CE12A30F916D7CCD57C024B6991DC4D5A80596B187E06FD3E34E0405D19D1714,IMPHASH=0B3917FB5306BF16B3F2D78E6FD4AC61{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002205Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:11:35.404{C36AC009-F4F7-65EE-EA00-000000005403}4948C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBHAGUAdAAtAEkAdABlAG0AIAAtAEwAaQB0AGUAcgBhAGwAUABhAHQAaAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAVwBpAG4AbABvAGcAbwBuAFwAQQB1AHQAbwBMAG8AZwBvAG4AQwBoAGUAYwBrAGUAZAAnACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAHQAbwBwADsAIAAnAHMAdQBjAGMAZQBzAHMALQBjADgAMwBlADMAYQBkADkALQA3ADMAMAA2AC0ANAAyADgAOAAtADgAZgA1ADEALQBjADMAMwAyAGYANgA5AGQAYgAxADEAZgAnAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F4F7-65EE-E900-000000005403}4860C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002203Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:11:35.292{C36AC009-F4F7-65EE-E900-000000005403}4860C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F4F7-65EE-E800-000000005403}4544C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002202Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:11:35.288{C36AC009-F4F7-65EE-E800-000000005403}4544C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F41C-65EE-8600-000000005403}3332C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002201Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:11:34.715{C36AC009-F4F6-65EE-E700-000000005403}5036C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002179Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:11:22.308{C36AC009-F4EA-65EE-E600-000000005403}4252C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBHAGUAdAAtAEkAdABlAG0AIAAtAEwAaQB0AGUAcgBhAGwAUABhAHQAaAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAVwBpAG4AbABvAGcAbwBuAFwAQQB1AHQAbwBMAG8AZwBvAG4AQwBoAGUAYwBrAGUAZAAnACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAHQAbwBwADsAIAAnAHMAdQBjAGMAZQBzAHMALQBjADgAMwBlADMAYQBkADkALQA3ADMAMAA2AC0ANAAyADgAOAAtADgAZgA1ADEALQBjADMAMwAyAGYANgA5AGQAYgAxADEAZgAnAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F4EA-65EE-E500-000000005403}4140C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002177Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:11:22.190{C36AC009-F4EA-65EE-E500-000000005403}4140C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F4EA-65EE-E400-000000005403}4200C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002176Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:11:22.185{C36AC009-F4EA-65EE-E400-000000005403}4200C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F41C-65EE-8600-000000005403}3332C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002172Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:11:09.337{C36AC009-F4DD-65EE-DD00-000000005403}4828C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBHAGUAdAAtAEkAdABlAG0AIAAtAEwAaQB0AGUAcgBhAGwAUABhAHQAaAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAVwBpAG4AbABvAGcAbwBuAFwAQQB1AHQAbwBMAG8AZwBvAG4AQwBoAGUAYwBrAGUAZAAnACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAHQAbwBwADsAIAAnAHMAdQBjAGMAZQBzAHMALQBjADgAMwBlADMAYQBkADkALQA3ADMAMAA2AC0ANAAyADgAOAAtADgAZgA1ADEALQBjADMAMwAyAGYANgA5AGQAYgAxADEAZgAnAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F4DD-65EE-DC00-000000005403}4888C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002170Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:11:09.226{C36AC009-F4DD-65EE-DC00-000000005403}4888C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F4DD-65EE-DB00-000000005403}4856C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002169Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:11:09.221{C36AC009-F4DD-65EE-DB00-000000005403}4856C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F41C-65EE-8600-000000005403}3332C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002167Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:10:56.327{C36AC009-F4D0-65EE-DA00-000000005403}1380C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBHAGUAdAAtAEkAdABlAG0AIAAtAEwAaQB0AGUAcgBhAGwAUABhAHQAaAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAVwBpAG4AbABvAGcAbwBuAFwAQQB1AHQAbwBMAG8AZwBvAG4AQwBoAGUAYwBrAGUAZAAnACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAHQAbwBwADsAIAAnAHMAdQBjAGMAZQBzAHMALQBjADgAMwBlADMAYQBkADkALQA3ADMAMAA2AC0ANAAyADgAOAAtADgAZgA1ADEALQBjADMAMwAyAGYANgA5AGQAYgAxADEAZgAnAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F4D0-65EE-D900-000000005403}2492C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002165Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:10:56.216{C36AC009-F4D0-65EE-D900-000000005403}2492C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F4D0-65EE-D800-000000005403}4304C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002164Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:10:56.211{C36AC009-F4D0-65EE-D800-000000005403}4304C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F41C-65EE-8600-000000005403}3332C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002162Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:10:43.120{C36AC009-F4C3-65EE-D700-000000005403}3444C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBHAGUAdAAtAEkAdABlAG0AIAAtAEwAaQB0AGUAcgBhAGwAUABhAHQAaAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAVwBpAG4AbABvAGcAbwBuAFwAQQB1AHQAbwBMAG8AZwBvAG4AQwBoAGUAYwBrAGUAZAAnACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAHQAbwBwADsAIAAnAHMAdQBjAGMAZQBzAHMALQBjADgAMwBlADMAYQBkADkALQA3ADMAMAA2AC0ANAAyADgAOAAtADgAZgA1ADEALQBjADMAMwAyAGYANgA5AGQAYgAxADEAZgAnAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F4C3-65EE-D600-000000005403}3516C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002160Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:10:43.008{C36AC009-F4C3-65EE-D600-000000005403}3516C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F4C3-65EE-D500-000000005403}5080C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002159Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:10:43.003{C36AC009-F4C3-65EE-D500-000000005403}5080C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F41C-65EE-8600-000000005403}3332C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002158Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:10:40.150{C36AC009-F4C0-65EE-D400-000000005403}1404C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002157Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:10:39.305{C36AC009-F4BF-65EE-D300-000000005403}3036C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002156Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:10:38.445{C36AC009-F4BE-65EE-D200-000000005403}4148C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002155Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:10:36.539{C36AC009-F4BC-65EE-D100-000000005403}948C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002154Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:10:35.617{C36AC009-F4BB-65EE-D000-000000005403}5072C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe9.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=D4A01A34CB462A5ADD183B781180FE24,SHA256=CE12A30F916D7CCD57C024B6991DC4D5A80596B187E06FD3E34E0405D19D1714,IMPHASH=0B3917FB5306BF16B3F2D78E6FD4AC61{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002153Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:10:34.679{C36AC009-F4BA-65EE-CF00-000000005403}2348C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002151Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:10:29.449{C36AC009-F4B5-65EE-CE00-000000005403}4744C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBHAGUAdAAtAEkAdABlAG0AIAAtAEwAaQB0AGUAcgBhAGwAUABhAHQAaAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAVwBpAG4AbABvAGcAbwBuAFwAQQB1AHQAbwBMAG8AZwBvAG4AQwBoAGUAYwBrAGUAZAAnACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAHQAbwBwADsAIAAnAHMAdQBjAGMAZQBzAHMALQBjADgAMwBlADMAYQBkADkALQA3ADMAMAA2AC0ANAAyADgAOAAtADgAZgA1ADEALQBjADMAMwAyAGYANgA5AGQAYgAxADEAZgAnAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F4B5-65EE-CD00-000000005403}4880C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002149Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:10:29.337{C36AC009-F4B5-65EE-CD00-000000005403}4880C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F4B5-65EE-CC00-000000005403}4864C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002148Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:10:29.333{C36AC009-F4B5-65EE-CC00-000000005403}4864C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F41C-65EE-8600-000000005403}3332C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002146Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:10:16.075{C36AC009-F4A8-65EE-CB00-000000005403}2816C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBHAGUAdAAtAEkAdABlAG0AIAAtAEwAaQB0AGUAcgBhAGwAUABhAHQAaAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAVwBpAG4AbABvAGcAbwBuAFwAQQB1AHQAbwBMAG8AZwBvAG4AQwBoAGUAYwBrAGUAZAAnACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAHQAbwBwADsAIAAnAHMAdQBjAGMAZQBzAHMALQBjADgAMwBlADMAYQBkADkALQA3ADMAMAA2AC0ANAAyADgAOAAtADgAZgA1ADEALQBjADMAMwAyAGYANgA5AGQAYgAxADEAZgAnAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F4A7-65EE-CA00-000000005403}4484C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002144Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:10:15.958{C36AC009-F4A7-65EE-CA00-000000005403}4484C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F4A7-65EE-C900-000000005403}2624C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002143Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:10:15.953{C36AC009-F4A7-65EE-C900-000000005403}2624C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F41C-65EE-8600-000000005403}3332C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002141Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:10:02.497{C36AC009-F49A-65EE-C700-000000005403}2984C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBHAGUAdAAtAEkAdABlAG0AIAAtAEwAaQB0AGUAcgBhAGwAUABhAHQAaAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAVwBpAG4AbABvAGcAbwBuAFwAQQB1AHQAbwBMAG8AZwBvAG4AQwBoAGUAYwBrAGUAZAAnACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAHQAbwBwADsAIAAnAHMAdQBjAGMAZQBzAHMALQBjADgAMwBlADMAYQBkADkALQA3ADMAMAA2AC0ANAAyADgAOAAtADgAZgA1ADEALQBjADMAMwAyAGYANgA5AGQAYgAxADEAZgAnAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F49A-65EE-C600-000000005403}5080C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002139Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:10:02.380{C36AC009-F49A-65EE-C600-000000005403}5080C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F49A-65EE-C500-000000005403}5092C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002138Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:10:02.375{C36AC009-F49A-65EE-C500-000000005403}5092C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F41C-65EE-8600-000000005403}3332C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002136Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:09:48.913{C36AC009-F48C-65EE-C400-000000005403}4716C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBHAGUAdAAtAEkAdABlAG0AIAAtAEwAaQB0AGUAcgBhAGwAUABhAHQAaAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAVwBpAG4AbABvAGcAbwBuAFwAQQB1AHQAbwBMAG8AZwBvAG4AQwBoAGUAYwBrAGUAZAAnACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAHQAbwBwADsAIAAnAHMAdQBjAGMAZQBzAHMALQBjADgAMwBlADMAYQBkADkALQA3ADMAMAA2AC0ANAAyADgAOAAtADgAZgA1ADEALQBjADMAMwAyAGYANgA5AGQAYgAxADEAZgAnAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F48C-65EE-C300-000000005403}4520C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002134Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:09:48.800{C36AC009-F48C-65EE-C300-000000005403}4520C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F48C-65EE-C200-000000005403}4584C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002133Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:09:48.795{C36AC009-F48C-65EE-C200-000000005403}4584C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F41C-65EE-8600-000000005403}3332C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002132Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:09:40.083{C36AC009-F484-65EE-C100-000000005403}4676C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002131Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:09:39.239{C36AC009-F483-65EE-C000-000000005403}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002130Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:09:38.379{C36AC009-F482-65EE-BF00-000000005403}2500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002125Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:09:36.472{C36AC009-F480-65EE-BE00-000000005403}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002124Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:09:35.548{C36AC009-F47F-65EE-BD00-000000005403}3032C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe9.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=D4A01A34CB462A5ADD183B781180FE24,SHA256=CE12A30F916D7CCD57C024B6991DC4D5A80596B187E06FD3E34E0405D19D1714,IMPHASH=0B3917FB5306BF16B3F2D78E6FD4AC61{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002122Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:09:35.433{C36AC009-F47F-65EE-BC00-000000005403}3060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBHAGUAdAAtAEkAdABlAG0AIAAtAEwAaQB0AGUAcgBhAGwAUABhAHQAaAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAVwBpAG4AbABvAGcAbwBuAFwAQQB1AHQAbwBMAG8AZwBvAG4AQwBoAGUAYwBrAGUAZAAnACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAHQAbwBwADsAIAAnAHMAdQBjAGMAZQBzAHMALQBjADgAMwBlADMAYQBkADkALQA3ADMAMAA2AC0ANAAyADgAOAAtADgAZgA1ADEALQBjADMAMwAyAGYANgA5AGQAYgAxADEAZgAnAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F47F-65EE-BB00-000000005403}2944C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002120Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:09:35.316{C36AC009-F47F-65EE-BB00-000000005403}2944C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F47F-65EE-BA00-000000005403}3960C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002119Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:09:35.312{C36AC009-F47F-65EE-BA00-000000005403}3960C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F41C-65EE-8600-000000005403}3332C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002118Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:09:34.609{C36AC009-F47E-65EE-B900-000000005403}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002116Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:09:28.530{C36AC009-F478-65EE-B700-000000005403}652C:\Windows\System32\msdtc.exe2001.12.10941.16384 (rs1_release.160715-1616)Microsoft Distributed Transaction Coordinator ServiceMicrosoft® Windows® Operating SystemMicrosoft CorporationMSDTC.EXEC:\Windows\System32\msdtc.exeC:\Windows\system32\NT AUTHORITY\NETWORK SERVICE{C36AC009-F3EE-65EE-E403-000000000000}0x3e40SystemMD5=308F08347923DEEDE7BC03EC7D485841,SHA256=72DB45CA11FE635DF9F8273C38CBEFB8DF5362ADA0CBF6D2B1E570365DC700C0,IMPHASH=D02F3DF332409C5D3F34BA2D38FC4ED4{C36AC009-F3EC-65EE-0A00-000000005403}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x80000000000000002114Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:09:21.934{C36AC009-F471-65EE-B500-000000005403}4816C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBHAGUAdAAtAEkAdABlAG0AIAAtAEwAaQB0AGUAcgBhAGwAUABhAHQAaAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAVwBpAG4AbABvAGcAbwBuAFwAQQB1AHQAbwBMAG8AZwBvAG4AQwBoAGUAYwBrAGUAZAAnACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAHQAbwBwADsAIAAnAHMAdQBjAGMAZQBzAHMALQBjADgAMwBlADMAYQBkADkALQA3ADMAMAA2AC0ANAAyADgAOAAtADgAZgA1ADEALQBjADMAMwAyAGYANgA5AGQAYgAxADEAZgAnAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F471-65EE-B400-000000005403}4884C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002112Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:09:21.821{C36AC009-F471-65EE-B400-000000005403}4884C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F471-65EE-B300-000000005403}4928C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002111Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:09:21.817{C36AC009-F471-65EE-B300-000000005403}4928C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F41C-65EE-8600-000000005403}3332C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002109Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:09:10.233{C36AC009-F466-65EE-B200-000000005403}4620C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000002108Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:09:10.193{C36AC009-F466-65EE-B100-000000005403}4472C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000002107Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:09:10.158{C36AC009-F466-65EE-B000-000000005403}4460C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000002106Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:09:10.094{C36AC009-F466-65EE-AE00-000000005403}4672C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000002104Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:09:08.879{C36AC009-F464-65EE-AD00-000000005403}4300C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBHAGUAdAAtAEkAdABlAG0AIAAtAEwAaQB0AGUAcgBhAGwAUABhAHQAaAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAVwBpAG4AbABvAGcAbwBuAFwAQQB1AHQAbwBMAG8AZwBvAG4AQwBoAGUAYwBrAGUAZAAnACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAHQAbwBwADsAIAAnAHMAdQBjAGMAZQBzAHMALQBjADgAMwBlADMAYQBkADkALQA3ADMAMAA2AC0ANAAyADgAOAAtADgAZgA1ADEALQBjADMAMwAyAGYANgA5AGQAYgAxADEAZgAnAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F464-65EE-AC00-000000005403}2416C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002102Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:09:08.767{C36AC009-F464-65EE-AC00-000000005403}2416C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F464-65EE-AB00-000000005403}4284C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002101Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:09:08.763{C36AC009-F464-65EE-AB00-000000005403}4284C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F41C-65EE-8600-000000005403}3332C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002099Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:08:55.442{C36AC009-F457-65EE-AA00-000000005403}4188C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBHAGUAdAAtAEkAdABlAG0AIAAtAEwAaQB0AGUAcgBhAGwAUABhAHQAaAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAVwBpAG4AbABvAGcAbwBuAFwAQQB1AHQAbwBMAG8AZwBvAG4AQwBoAGUAYwBrAGUAZAAnACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAHQAbwBwADsAIAAnAHMAdQBjAGMAZQBzAHMALQBjADgAMwBlADMAYQBkADkALQA3ADMAMAA2AC0ANAAyADgAOAAtADgAZgA1ADEALQBjADMAMwAyAGYANgA5AGQAYgAxADEAZgAnAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F457-65EE-A900-000000005403}3656C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002097Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:08:55.330{C36AC009-F457-65EE-A900-000000005403}3656C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F457-65EE-A800-000000005403}2044C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002096Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:08:55.326{C36AC009-F457-65EE-A800-000000005403}2044C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F41C-65EE-8600-000000005403}3332C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002093Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:08:42.633{C36AC009-F44A-65EE-A700-000000005403}892C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBHAGUAdAAtAEkAdABlAG0AIAAtAEwAaQB0AGUAcgBhAGwAUABhAHQAaAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAVwBpAG4AbABvAGcAbwBuAFwAQQB1AHQAbwBMAG8AZwBvAG4AQwBoAGUAYwBrAGUAZAAnACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAHQAbwBwADsAIAAnAHMAdQBjAGMAZQBzAHMALQBjADgAMwBlADMAYQBkADkALQA3ADMAMAA2AC0ANAAyADgAOAAtADgAZgA1ADEALQBjADMAMwAyAGYANgA5AGQAYgAxADEAZgAnAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F44A-65EE-A600-000000005403}5024C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002091Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:08:42.520{C36AC009-F44A-65EE-A600-000000005403}5024C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F44A-65EE-A500-000000005403}3264C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002090Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:08:42.516{C36AC009-F44A-65EE-A500-000000005403}3264C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F41C-65EE-8600-000000005403}3332C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002089Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:08:40.018{C36AC009-F448-65EE-A400-000000005403}4848C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002088Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:08:39.251{C36AC009-F447-65EE-A300-000000005403}4992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002087Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:08:38.296{C36AC009-F446-65EE-A200-000000005403}4956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002086Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:08:36.401{C36AC009-F444-65EE-A100-000000005403}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002085Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:08:35.446{C36AC009-F443-65EE-A000-000000005403}4716C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe9.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=D4A01A34CB462A5ADD183B781180FE24,SHA256=CE12A30F916D7CCD57C024B6991DC4D5A80596B187E06FD3E34E0405D19D1714,IMPHASH=0B3917FB5306BF16B3F2D78E6FD4AC61{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002084Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:08:34.507{C36AC009-F442-65EE-9F00-000000005403}4592C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000002081Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:08:28.929{C36AC009-F43C-65EE-9E00-000000005403}4480C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBHAGUAdAAtAEkAdABlAG0AIAAtAEwAaQB0AGUAcgBhAGwAUABhAHQAaAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAVwBpAG4AbABvAGcAbwBuAFwAQQB1AHQAbwBMAG8AZwBvAG4AQwBoAGUAYwBrAGUAZAAnACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAHQAbwBwADsAIAAnAHMAdQBjAGMAZQBzAHMALQBjADgAMwBlADMAYQBkADkALQA3ADMAMAA2AC0ANAAyADgAOAAtADgAZgA1ADEALQBjADMAMwAyAGYANgA5AGQAYgAxADEAZgAnAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F43C-65EE-9D00-000000005403}4240C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002079Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:08:28.818{C36AC009-F43C-65EE-9D00-000000005403}4240C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F43C-65EE-9C00-000000005403}4292C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002078Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:08:28.814{C36AC009-F43C-65EE-9C00-000000005403}4292C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F41C-65EE-8600-000000005403}3332C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002076Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:08:15.618{C36AC009-F42F-65EE-9A00-000000005403}3676C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBHAGUAdAAtAEkAdABlAG0AIAAtAEwAaQB0AGUAcgBhAGwAUABhAHQAaAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAVwBpAG4AbABvAGcAbwBuAFwAQQB1AHQAbwBMAG8AZwBvAG4AQwBoAGUAYwBrAGUAZAAnACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAHQAbwBwADsAIAAnAHMAdQBjAGMAZQBzAHMALQBjADgAMwBlADMAYQBkADkALQA3ADMAMAA2AC0ANAAyADgAOAAtADgAZgA1ADEALQBjADMAMwAyAGYANgA5AGQAYgAxADEAZgAnAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F42F-65EE-9900-000000005403}4148C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002074Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:08:15.506{C36AC009-F42F-65EE-9900-000000005403}4148C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F42F-65EE-9800-000000005403}4116C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002073Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:08:15.502{C36AC009-F42F-65EE-9800-000000005403}4116C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F41C-65EE-8600-000000005403}3332C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002072Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:08:12.038{C36AC009-F42C-65EE-9700-000000005403}2696C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeC:\Windows\system32\reg.exe query hklm\software\microsoft\windows\softwareinventorylogging /v collectionstate /reg:64C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{C36AC009-F42C-65EE-9600-000000005403}2508C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\reg.exe query hklm\software\microsoft\windows\softwareinventorylogging /v collectionstate /reg:64NT AUTHORITY\SYSTEM 154100x80000000000000002071Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:08:12.032{C36AC009-F42C-65EE-9600-000000005403}2508C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c C:\Windows\system32\reg.exe query hklm\software\microsoft\windows\softwareinventorylogging /v collectionstate /reg:64C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F42B-65EE-9400-000000005403}5080C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /d /c C:\Windows\system32\silcollector.cmd configureNT AUTHORITY\SYSTEM 154100x80000000000000002069Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:08:06.676{C36AC009-F426-65EE-9300-000000005403}4892C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBHAGUAdAAtAEkAdABlAG0AIAAtAEwAaQB0AGUAcgBhAGwAUABhAHQAaAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAVwBpAG4AbABvAGcAbwBuAFwAQQB1AHQAbwBMAG8AZwBvAG4AQwBoAGUAYwBrAGUAZAAnACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAHQAbwBwADsAIAAnAHMAdQBjAGMAZQBzAHMALQBjADgAMwBlADMAYQBkADkALQA3ADMAMAA2AC0ANAAyADgAOAAtADgAZgA1ADEALQBjADMAMwAyAGYANgA5AGQAYgAxADEAZgAnAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F426-65EE-9200-000000005403}4792C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002067Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:08:06.561{C36AC009-F426-65EE-9200-000000005403}4792C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F426-65EE-9100-000000005403}4780C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002066Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:08:06.557{C36AC009-F426-65EE-9100-000000005403}4780C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F41C-65EE-8600-000000005403}3332C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002064Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:08:01.434{C36AC009-F421-65EE-9000-000000005403}4616C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBHAGUAdAAtAEkAdABlAG0AIAAtAEwAaQB0AGUAcgBhAGwAUABhAHQAaAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAVwBpAG4AbABvAGcAbwBuAFwAQQB1AHQAbwBMAG8AZwBvAG4AQwBoAGUAYwBrAGUAZAAnACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAHQAbwBwADsAIAAnAHMAdQBjAGMAZQBzAHMALQBjADgAMwBlADMAYQBkADkALQA3ADMAMAA2AC0ANAAyADgAOAAtADgAZgA1ADEALQBjADMAMwAyAGYANgA5AGQAYgAxADEAZgAnAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F421-65EE-8F00-000000005403}4516C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002062Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:08:01.319{C36AC009-F421-65EE-8F00-000000005403}4516C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F421-65EE-8E00-000000005403}4504C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002061Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:08:01.314{C36AC009-F421-65EE-8E00-000000005403}4504C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F41C-65EE-8600-000000005403}3332C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002057Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:58.532{C36AC009-F41E-65EE-8D00-000000005403}4336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBHAGUAdAAtAEkAdABlAG0AIAAtAEwAaQB0AGUAcgBhAGwAUABhAHQAaAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAVwBpAG4AbABvAGcAbwBuAFwAQQB1AHQAbwBMAG8AZwBvAG4AQwBoAGUAYwBrAGUAZAAnACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAHQAbwBwADsAIAAnAHMAdQBjAGMAZQBzAHMALQBjADgAMwBlADMAYQBkADkALQA3ADMAMAA2AC0ANAAyADgAOAAtADgAZgA1ADEALQBjADMAMwAyAGYANgA5AGQAYgAxADEAZgAnAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F41E-65EE-8C00-000000005403}4240C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002055Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:58.417{C36AC009-F41E-65EE-8C00-000000005403}4240C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F41E-65EE-8B00-000000005403}4228C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002054Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:58.412{C36AC009-F41E-65EE-8B00-000000005403}4228C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F41C-65EE-8600-000000005403}3332C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002052Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:56.633{C36AC009-F41C-65EE-8A00-000000005403}2196C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBHAGUAdAAtAEkAdABlAG0AIAAtAEwAaQB0AGUAcgBhAGwAUABhAHQAaAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAVwBpAG4AbABvAGcAbwBuAFwAQQB1AHQAbwBMAG8AZwBvAG4AQwBoAGUAYwBrAGUAZAAnACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAHQAbwBwADsAIAAnAHMAdQBjAGMAZQBzAHMALQBjADgAMwBlADMAYQBkADkALQA3ADMAMAA2AC0ANAAyADgAOAAtADgAZgA1ADEALQBjADMAMwAyAGYANgA5AGQAYgAxADEAZgAnAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F41C-65EE-8900-000000005403}2352C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002050Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:56.517{C36AC009-F41C-65EE-8900-000000005403}2352C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F41C-65EE-8800-000000005403}436C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002049Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:56.512{C36AC009-F41C-65EE-8800-000000005403}436C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBqAEEARABnAEEATQB3AEIAbABBAEQATQBBAFkAUQBCAGsAQQBEAGsAQQBMAFEAQQAzAEEARABNAEEATQBBAEEAMgBBAEMAMABBAE4AQQBBAHkAQQBEAGcAQQBPAEEAQQB0AEEARABnAEEAWgBnAEEAMQBBAEQARQBBAEwAUQBCAGoAQQBEAE0AQQBNAHcAQQB5AEEARwBZAEEATgBnAEEANQBBAEcAUQBBAFkAZwBBAHgAQQBEAEUAQQBaAGcAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F41C-65EE-8600-000000005403}3332C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002048Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:56.292{C36AC009-F41C-65EE-8600-000000005403}3332C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{C36AC009-F41C-65EE-9B83-040000000000}0x4839b0HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F3EE-65EE-0C00-000000005403}868C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x80000000000000002042Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:55.399{C36AC009-F41B-65EE-8500-000000005403}3812C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAoAEcAZQB0AC0AQwBpAG0ASQBuAHMAdABhAG4AYwBlACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACAALQBQAHIAbwBwAGUAcgB0AHkAIABMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAKQAuAEwAYQBzAHQAQgBvAG8AdABVAHAAVABpAG0AZQAuAFQAbwBGAGkAbABlAFQAaQBtAGUAKAApAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41A-65EE-3C5B-040000000000}0x45b3c0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F41B-65EE-8400-000000005403}3400C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002040Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:55.269{C36AC009-F41B-65EE-8400-000000005403}3400C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41A-65EE-3C5B-040000000000}0x45b3c0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F41B-65EE-8300-000000005403}3636C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AATTACKRANGE\Administrator 154100x80000000000000002039Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:55.263{C36AC009-F41B-65EE-8300-000000005403}3636C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\ATTACKRANGE\Administrator{C36AC009-F41A-65EE-3C5B-040000000000}0x45b3c0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F41B-65EE-8100-000000005403}3004C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingATTACKRANGE\Administrator 154100x80000000000000002034Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:55.040{C36AC009-F41B-65EE-8100-000000005403}3004C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{C36AC009-F41A-65EE-3C5B-040000000000}0x45b3c0HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F3EE-65EE-0C00-000000005403}868C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x80000000000000002017Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:51.084{C36AC009-F417-65EE-7F00-000000005403}3400C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001977Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:51.045{C36AC009-F417-65EE-7E00-000000005403}3628C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001976Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:51.040{C36AC009-F417-65EE-7D00-000000005403}3356C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get OperatingSystemSKU /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001975Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:51.005{C36AC009-F417-65EE-7C00-000000005403}3612C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001974Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:50.999{C36AC009-F416-65EE-7B00-000000005403}3556C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001973Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:50.960{C36AC009-F416-65EE-7A00-000000005403}3108C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001972Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:50.955{C36AC009-F416-65EE-7900-000000005403}3156C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001971Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:50.874{C36AC009-F416-65EE-7800-000000005403}3048C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get OperatingSystemSKU /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001962Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:41.785{C36AC009-F40D-65EE-7700-000000005403}3404C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe9.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=45D4E4A0BA891408C48EBD3363156C50,SHA256=F8EA3DCFF507F073270226A1910A4C492D85EBE1B07987560006BECBDDF1CEED,IMPHASH=B683C91350808D5BCFE1D283896855C3{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000001961Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:40.848{C36AC009-F40C-65EE-7600-000000005403}3256C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe9.0.2Monitor windows event logssplunk ApplicationSplunk Inc.splunk-winevtlog.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=7F189A17E6E9A98AD68E84A2DD83E3A3,SHA256=8890D28B2F9FA801221F7F7115BC5E3C4980D80AC663C77CD1DD9A8D4BFF956A,IMPHASH=3831812AC0DE4E18D9D31DB74D2E66B6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000001959Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:39.909{C36AC009-F40B-65EE-7500-000000005403}3260C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000001958Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:39.154{C36AC009-F40B-65EE-7400-000000005403}3132C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000001957Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:38.221{C36AC009-F40A-65EE-7300-000000005403}3140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000001956Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:37.269{C36AC009-F409-65EE-7200-000000005403}3832C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe9.0.2Performance monitorsplunk ApplicationSplunk Inc.splunk-perfmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=C38E19AC849A4438115953E4D871B559,SHA256=C4C02165DCAA1B390CC05005A264FBC7B784393D819C0763B7C3BDC703DEE3F6,IMPHASH=55412D7362B6C3264A9D829D025AD564{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000001955Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:36.316{C36AC009-F408-65EE-7100-000000005403}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000001954Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:35.364{C36AC009-F407-65EE-7000-000000005403}3644C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe9.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=D4A01A34CB462A5ADD183B781180FE24,SHA256=CE12A30F916D7CCD57C024B6991DC4D5A80596B187E06FD3E34E0405D19D1714,IMPHASH=0B3917FB5306BF16B3F2D78E6FD4AC61{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000001953Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:34.424{C36AC009-F406-65EE-6F00-000000005403}3624C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000001951Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:33.536{C36AC009-F405-65EE-6E00-000000005403}3788C:\Program Files\SplunkUniversalForwarder\bin\splunk-wmi.exe9.0.2Remote Performance monitor using WMIsplunk ApplicationSplunk Inc.splunk-wmi.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-wmi.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=EB621283B97C04335C867BE300509CDA,SHA256=84787BB13B2F2CA9C4B4475357249BFC24159D43023ADE984AA32E8CD06EABE6,IMPHASH=13FB2F4C20ED5B77A57401BC672A42F9{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000001950Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:32.532{C36AC009-F404-65EE-6D00-000000005403}2360C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\powershell2.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000001948Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:32.422{C36AC009-F404-65EE-6C00-000000005403}3288C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\powershell.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000001947Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:32.313{C36AC009-F404-65EE-6B00-000000005403}3292C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\perfmon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000001946Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:32.204{C36AC009-F404-65EE-6A00-000000005403}3132C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\admon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000001945Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:32.094{C36AC009-F404-65EE-6900-000000005403}3952C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinRegMon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000001944Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:31.984{C36AC009-F403-65EE-6800-000000005403}3216C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinPrintMon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000001942Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:31.906{C36AC009-F403-65EE-6700-000000005403}3836C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "Get-WinEvent -FilterHashtable @( @{ LogName='System'; ProviderName='Microsoft-Windows-Kernel-General'; Id=12; Level=4 }, @{ LogName='System'; ProviderName='Microsoft-Windows-WER-SystemErrorReporting'; Id=1001; Level=2 } ) | Sort-Object TimeCreated -Descending" "| Select-Object" "Id, Level, ProviderName, TimeCreated, Properties" "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001941Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:31.876{C36AC009-F403-65EE-6600-000000005403}3832C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinNetMon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000001940Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:31.768{C36AC009-F403-65EE-6500-000000005403}3784C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinHostMon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000001939Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:31.658{C36AC009-F403-65EE-6400-000000005403}3708C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinEventLog.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000001937Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:31.591{C36AC009-F403-65EE-6300-000000005403}3360C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "Get-CimInstance Win32_PnPEntity | Where-Object { $_.Service -eq 'xenvbd' }" "| Select-Object" DeviceID "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001936Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:31.555{C36AC009-F403-65EE-6200-000000005403}3344C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get OperatingSystemSKU /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001935Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:31.548{C36AC009-F403-65EE-6100-000000005403}3268C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\MonitorNoHandle.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000001934Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:31.285{C36AC009-F403-65EE-6000-000000005403}3128C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe9.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal check-xml-files --answer-yes --no-prompt C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=DEFF9B3BAE9BDD4AD4A37FCE51DF1159,SHA256=96AE7337E6E16DE9AB57AFDC32E4E5367A2DD3696F8CF7844B0736FCE2309FE1,IMPHASH=84048A205A55F829D4D40558E477EAB7{C36AC009-F403-65EE-5F00-000000005403}4076C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal check-xml-files --answer-yes --no-prompt 2>&1NT AUTHORITY\SYSTEM 154100x80000000000000001933Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:31.281{C36AC009-F403-65EE-5F00-000000005403}4076C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal check-xml-files --answer-yes --no-prompt 2>&1C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000001929Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:31.195{C36AC009-F403-65EE-5E00-000000005403}2036C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "Get-ItemProperty -Path 'HKLM:\SOFTWARE\Amazon\AwsNitroEnclaves'" "| Select-Object" "Name, Version" "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001928Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:31.048{C36AC009-F403-65EE-5D00-000000005403}2368C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F403-65EE-5C00-000000005403}2344C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list general --no-logNT AUTHORITY\SYSTEM 154100x80000000000000001927Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:31.044{C36AC009-F403-65EE-5C00-000000005403}2344C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F403-65EE-5B00-000000005403}4048C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list general --no-logNT AUTHORITY\SYSTEM 154100x80000000000000001926Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:31.040{C36AC009-F403-65EE-5B00-000000005403}4048C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F401-65EE-4B00-000000005403}4016C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x80000000000000001924Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:30.960{C36AC009-F402-65EE-5A00-000000005403}3232C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "Get-ItemProperty -Path 'HKLM:\SOFTWARE\Amazon\PVDriver'" "| Select-Object" "Name, Version" "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001923Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:30.923{C36AC009-F402-65EE-5900-000000005403}3824C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get OperatingSystemSKU /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001922Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:30.812{C36AC009-F402-65EE-5800-000000005403}3668C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list replication_port --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F402-65EE-5700-000000005403}3748C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list replication_port --no-logNT AUTHORITY\SYSTEM 154100x80000000000000001921Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:30.807{C36AC009-F402-65EE-5700-000000005403}3748C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list replication_port --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F402-65EE-5600-000000005403}3760C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list replication_port --no-logNT AUTHORITY\SYSTEM 154100x80000000000000001920Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:30.803{C36AC009-F402-65EE-5600-000000005403}3760C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list replication_port --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F401-65EE-4B00-000000005403}4016C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x80000000000000001919Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:30.511{C36AC009-F402-65EE-5500-000000005403}3692C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd" check-transforms-keysC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F401-65EE-4B00-000000005403}4016C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x80000000000000001917Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:30.453{C36AC009-F402-65EE-5400-000000005403}3680C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "Get-CimInstance Win32_OperatingSystem" "| Select-Object" "Version, OperatingSystemSKU" "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001916Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:30.222{C36AC009-F402-65EE-5300-000000005403}3088C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool validate-regex --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F402-65EE-5200-000000005403}3544C:\Program Files\SplunkUniversalForwarder\bin\btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-regex --log-warningsNT AUTHORITY\SYSTEM 154100x80000000000000001915Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:30.217{C36AC009-F402-65EE-5200-000000005403}3544C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-regex --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F401-65EE-4B00-000000005403}4016C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x80000000000000001914Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:29.976{C36AC009-F401-65EE-5100-000000005403}3548C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool validate-strptime --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F401-65EE-5000-000000005403}3244C:\Program Files\SplunkUniversalForwarder\bin\btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-strptime --log-warningsNT AUTHORITY\SYSTEM 154100x80000000000000001913Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:29.971{C36AC009-F401-65EE-5000-000000005403}3244C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-strptime --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F401-65EE-4B00-000000005403}4016C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x80000000000000001912Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:29.600{C36AC009-F401-65EE-4F00-000000005403}3300C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool check --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F401-65EE-4E00-000000005403}3328C:\Program Files\SplunkUniversalForwarder\bin\btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" check --no-logNT AUTHORITY\SYSTEM 154100x80000000000000001911Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:29.595{C36AC009-F401-65EE-4E00-000000005403}3328C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" check --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F401-65EE-4B00-000000005403}4016C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x80000000000000001909Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:29.348{C36AC009-F401-65EE-4D00-000000005403}2368C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" check-licenseC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F401-65EE-4B00-000000005403}4016C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x80000000000000001905Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:29.112{C36AC009-F401-65EE-4C00-000000005403}4048C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" generate-sslC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F401-65EE-4B00-000000005403}4016C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x80000000000000001904Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:29.097{C36AC009-F401-65EE-4900-000000005403}3996C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'" "| Select-Object" "ProductName, BuildLabEx, CurrentMajorVersionNumber, CurrentMinorVersionNumber" "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001903Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:29.103{C36AC009-F401-65EE-4B00-000000005403}4016C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe9.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=DEFF9B3BAE9BDD4AD4A37FCE51DF1159,SHA256=96AE7337E6E16DE9AB57AFDC32E4E5367A2DD3696F8CF7844B0736FCE2309FE1,IMPHASH=84048A205A55F829D4D40558E477EAB7{C36AC009-F401-65EE-4A00-000000005403}4004C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 2>&1NT AUTHORITY\SYSTEM 154100x80000000000000001902Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:29.098{C36AC009-F401-65EE-4A00-000000005403}4004C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 2>&1C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000001901Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:28.920{C36AC009-F400-65EE-4800-000000005403}3948C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001900Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:28.642{C36AC009-F400-65EE-4300-000000005403}3792C:\Program Files\Amazon\SSM\ssm-agent-worker.exe-----"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=4879BCC8BDC7111CEC0BB841BE51CF62,SHA256=2AED2927F1D688B28F192E273B8CA203E23EDBCD80794FEA7C80A0A48729B20F,IMPHASH=4F2F006E2ECF7172AD368F8289DC96C1{C36AC009-F3FE-65EE-2300-000000005403}2636C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe"C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001899Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:28.826{C36AC009-F400-65EE-4600-000000005403}3836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list sslConfig --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F400-65EE-4500-000000005403}3816C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list sslConfig --no-logNT AUTHORITY\SYSTEM 154100x80000000000000001898Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:28.822{C36AC009-F400-65EE-4500-000000005403}3816C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list sslConfig --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F400-65EE-4400-000000005403}3804C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list sslConfig --no-logNT AUTHORITY\SYSTEM 154100x80000000000000001897Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:28.818{C36AC009-F400-65EE-4400-000000005403}3804C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list sslConfig --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F3FF-65EE-2F00-000000005403}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsNT AUTHORITY\SYSTEM 154100x80000000000000001896Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:28.599{C36AC009-F400-65EE-4200-000000005403}3772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list watchdog --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F400-65EE-4100-000000005403}3752C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list watchdog --no-logNT AUTHORITY\SYSTEM 154100x80000000000000001895Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:28.595{C36AC009-F400-65EE-4100-000000005403}3752C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list watchdog --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F400-65EE-4000-000000005403}3740C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list watchdog --no-logNT AUTHORITY\SYSTEM 154100x80000000000000001894Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:28.590{C36AC009-F400-65EE-4000-000000005403}3740C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list watchdog --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F3FF-65EE-2F00-000000005403}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsNT AUTHORITY\SYSTEM 154100x80000000000000001893Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:28.449{C36AC009-F400-65EE-3E00-000000005403}3668C:\Windows\System32\lodctr.exe10.0.14393.0 (rs1_release.160715-1616)Load PerfMon CountersMicrosoft® Windows® Operating SystemMicrosoft CorporationLODCTR.EXE"C:\Windows\system32\lodctr.exe" "C:\Windows\TEMP\tmp5E5C.tmp"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=F4436EB15113D5872A1ED801FFF738CE,SHA256=AEAE0D1EDC73E853A73FA9BC1A0836557E05910E777682D9B80E516B9C9E874D,IMPHASH=72679792BAB4BDCCE7DCAB2111CFC0DD{C36AC009-F3FE-65EE-2500-000000005403}2688C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeC:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEM 154100x80000000000000001892Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:28.375{C36AC009-F400-65EE-3D00-000000005403}3640C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F400-65EE-3C00-000000005403}3620C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list kvstore --no-logNT AUTHORITY\SYSTEM 154100x80000000000000001891Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:28.371{C36AC009-F400-65EE-3C00-000000005403}3620C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F400-65EE-3B00-000000005403}3608C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list kvstore --no-logNT AUTHORITY\SYSTEM 154100x80000000000000001890Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:28.367{C36AC009-F400-65EE-3B00-000000005403}3608C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F3FF-65EE-2F00-000000005403}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsNT AUTHORITY\SYSTEM 154100x80000000000000001889Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:28.147{C36AC009-F400-65EE-3900-000000005403}3544C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F400-65EE-3800-000000005403}3524C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list general --no-logNT AUTHORITY\SYSTEM 154100x80000000000000001888Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:28.143{C36AC009-F400-65EE-3800-000000005403}3524C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F400-65EE-3700-000000005403}3512C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list general --no-logNT AUTHORITY\SYSTEM 154100x80000000000000001887Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:28.139{C36AC009-F400-65EE-3700-000000005403}3512C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F3FF-65EE-2F00-000000005403}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsNT AUTHORITY\SYSTEM 154100x80000000000000001886Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:28.012{C36AC009-F400-65EE-3600-000000005403}3428C:\Windows\System32\vds.exe10.0.14393.4169 (rs1_release.210107-1130)Virtual Disk ServiceMicrosoft® Windows® Operating SystemMicrosoft Corporationvds.exeC:\Windows\System32\vds.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=F43B67F8FB870A731294662603690C2F,SHA256=9707255C9778F9A8135BAA4F1A16FAC9EBF2991FD6AF937B232D5FA52D14AC33,IMPHASH=3F541E0A1D775ACA4A7D5FBDFF8433C5{C36AC009-F3EC-65EE-0A00-000000005403}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x80000000000000001885Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:27.993{C36AC009-F3FF-65EE-3400-000000005403}3372C:\Windows\System32\vdsldr.exe10.0.14393.4169 (rs1_release.210107-1130)Virtual Disk Service LoaderMicrosoft® Windows® Operating SystemMicrosoft Corporationvdsldr.exeC:\Windows\System32\vdsldr.exe -EmbeddingC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=B344B812DD6C294360563E52B2EF1C13,SHA256=0A4CA31848D7513F97F72D0292F5BBEE1CA409AAFFCACDE5369E12003B34118D,IMPHASH=D6207B24445355CEA1AC6C8E9A2BA2B9{C36AC009-F3EE-65EE-0C00-000000005403}868C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x80000000000000001884Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:27.871{C36AC009-F3FF-65EE-3200-000000005403}3284C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool web list settings --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F3FF-65EE-3100-000000005403}3264C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool web list settings --no-logNT AUTHORITY\SYSTEM 154100x80000000000000001883Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:27.865{C36AC009-F3FF-65EE-3100-000000005403}3264C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool web list settings --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F3FF-65EE-3000-000000005403}3244C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool web list settings --no-logNT AUTHORITY\SYSTEM 154100x80000000000000001882Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:27.860{C36AC009-F3FF-65EE-3000-000000005403}3244C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool web list settings --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F3FF-65EE-2F00-000000005403}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsNT AUTHORITY\SYSTEM 154100x80000000000000001881Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:27.852{C36AC009-F3FF-65EE-2F00-000000005403}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe9.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=DEFF9B3BAE9BDD4AD4A37FCE51DF1159,SHA256=96AE7337E6E16DE9AB57AFDC32E4E5367A2DD3696F8CF7844B0736FCE2309FE1,IMPHASH=84048A205A55F829D4D40558E477EAB7{C36AC009-F3FF-65EE-2E00-000000005403}3208C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsNT AUTHORITY\SYSTEM 154100x80000000000000001880Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:27.848{C36AC009-F3FF-65EE-2E00-000000005403}3208C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000001879Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:27.803{C36AC009-F3FF-65EE-2C00-000000005403}3152C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe9.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _RAW_envvarsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=DEFF9B3BAE9BDD4AD4A37FCE51DF1159,SHA256=96AE7337E6E16DE9AB57AFDC32E4E5367A2DD3696F8CF7844B0736FCE2309FE1,IMPHASH=84048A205A55F829D4D40558E477EAB7{C36AC009-F3FF-65EE-2A00-000000005403}3092C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _RAW_envvarsNT AUTHORITY\SYSTEM 154100x80000000000000001878Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:27.780{C36AC009-F3FF-65EE-2A00-000000005403}3092C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _RAW_envvarsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000001877Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:26.885{C36AC009-F3FE-65EE-2700-000000005403}2712C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F3EC-65EE-0A00-000000005403}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x80000000000000001875Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:26.870{C36AC009-F3FE-65EE-2300-000000005403}2636C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe-----"C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=18F5F49E0B2A693659A95AE3D42AD442,SHA256=1B08939946B6CF467DFF59D52EFAE0638ED50D7618CCB64827BA17922A24B232,IMPHASH=4F2F006E2ECF7172AD368F8289DC96C1{C36AC009-F3EC-65EE-0A00-000000005403}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x80000000000000001874Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:26.989{C36AC009-F3FE-65EE-2900-000000005403}2968C:\Windows\System32\wbem\unsecapp.exe10.0.14393.4169 (rs1_release.210107-1130)Sink to receive asynchronous callbacks for WMI client applicationMicrosoft® Windows® Operating SystemMicrosoft Corporationunsecapp.dllC:\Windows\system32\wbem\unsecapp.exe -EmbeddingC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=2443CA5962E2134CB389DCD5056D27AE,SHA256=018FF62BCDC292CF9290DB0574C8EF9C97EBC26933C8FC950DD8E6B2B91972FB,IMPHASH=A3CC49DF67C2278F822C9EBB9908BF09{C36AC009-F3EE-65EE-0C00-000000005403}868C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x80000000000000001873Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:26.917{C36AC009-F3FE-65EE-2800-000000005403}2832C:\Windows\sysmon64.exe15.14System activity monitorSysinternals SysmonSysinternals - www.sysinternals.com-C:\Windows\sysmon64.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=99C68A0A2EE8E42EBB52E1C84F80B730,SHA256=39B094613132377BC236F4AD940A3E02C544F86347C0179A9425EDC1BD3B85CD,IMPHASH=A039666F8D08DD16E0909469DA998438{C36AC009-F3EC-65EE-0A00-000000005403}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x80000000000000001872Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:26.878{C36AC009-F3FE-65EE-2600-000000005403}2700C:\Windows\System32\dfsrs.exe10.0.14393.4169 (rs1_release.210107-1130)Distributed File System ReplicationMicrosoft® Windows® Operating SystemMicrosoft Corporationdfsr.exeC:\Windows\system32\DFSRs.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=F2483716D6C752FB448C7295AA3B49A1,SHA256=6B77249159D3C217694B52F0B1C75E0649486EF4A3FE4513CD41D81E7DEB709A,IMPHASH=C1481566D7D03EEC4CC460B52429BA9C{C36AC009-F3EC-65EE-0A00-000000005403}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x80000000000000001871Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:26.864{C36AC009-F3FE-65EE-2100-000000005403}2604C:\Windows\System32\dns.exe10.0.14393.6707 (rs1_release.240122-1731)Domain Name System (DNS) ServerMicrosoft® Windows® Operating SystemMicrosoft Corporationdns.exeC:\Windows\system32\dns.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=5A62388E82778070BC48124E42D7D68E,SHA256=C2C3E4BFD3855A2FFA371DA710933D0AF01EA197BEA782FEF03A0900C9375755,IMPHASH=695C20DB111F86E11C4A5064BB32A378{C36AC009-F3EC-65EE-0A00-000000005403}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x80000000000000001870Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:26.877{C36AC009-F3FE-65EE-2500-000000005403}2688C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe10.0.14393.4046Microsoft.ActiveDirectory.WebServicesMicrosoft (R) Windows (R) Operating SystemMicrosoft CorporationMicrosoft.ActiveDirectory.WebServices.exeC:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=868245AE57651C1D8889B528A182C81A,SHA256=2BA73582B4334AEDA469B97D528C24CCB2392FD189524198017D59DF4C4F6504,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{C36AC009-F3EC-65EE-0A00-000000005403}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x80000000000000001869Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:26.876{C36AC009-F3FE-65EE-2400-000000005403}2680C:\Windows\System32\dfssvc.exe10.0.14393.6451 (rs1_release.231103-1737)Windows NT Distributed File System ServiceMicrosoft® Windows® Operating SystemMicrosoft Corporationdfssvc.exeC:\Windows\system32\dfssvc.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=8ED9CB914E0D98533B14D12243D21DC5,SHA256=B6CA66D76A6F7CE506762B714E1EFC617CA8F84163CCC3E78E84175A0BF61B98,IMPHASH=C8B32AEEF22A97D88BD68D70385A1B30{C36AC009-F3EC-65EE-0A00-000000005403}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x80000000000000001868Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:26.867{C36AC009-F3FE-65EE-2200-000000005403}2612C:\Windows\System32\ismserv.exe10.0.14393.0 (rs1_release.160715-1616)Windows NT Intersite Messaging ServiceMicrosoft® Windows® Operating SystemMicrosoft Corporationismserv.exeC:\Windows\System32\ismserv.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=39F0EC2CAE7FF38BABDDE2252ACCEA67,SHA256=29BDF4D2040D24E02B830A272D02CF29F19FD4E1A0F54F22BCC76301A0BFD26F,IMPHASH=088F7CD1DAA87B8E05239EDAB00479BB{C36AC009-F3EC-65EE-0A00-000000005403}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x80000000000000001867Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:26.830{C36AC009-F3FE-65EE-2000-000000005403}2496C:\Program Files\Amazon\XenTools\LiteAgent.exe1.0xenagentXENIFACEAmazon Inc.xenagent.exe"C:\Program Files\Amazon\XenTools\LiteAgent.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=3727559C2C2FE26EE668086FAF992815,SHA256=8130E7A850E0A088CB46F2595F7418CE9D73CE2F7750FC017ABC5CF3DED05F06,IMPHASH=C8B18E9A517CB77EA7AB3E7295D84FE8{C36AC009-F3EC-65EE-0A00-000000005403}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x80000000000000001866Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:26.793{C36AC009-F3FE-65EE-1E00-000000005403}2408C:\Windows\System32\spoolsv.exe10.0.14393.6078 (rs1_release.230626-1747)Spooler SubSystem AppMicrosoft® Windows® Operating SystemMicrosoft Corporationspoolsv.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=578840E14C88B6DC95EBAC0D208F493C,SHA256=C391E5024F1B8FAB6DCD88BBE3B36F71FAE02DD815EA9273D9ACB247781955FB,IMPHASH=BDE05BF1A813EB07FFA212837CB0F528{C36AC009-F3EC-65EE-0A00-000000005403}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x80000000000000001865Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:20.394{C36AC009-F3F8-65EE-1C00-000000005403}2256C:\Windows\System32\svchost.exe10.0.14393.5582 (rs1_release.221130-1719)Host Process for Windows ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationsvchost.exeC:\Windows\System32\svchost.exe -k smbsvcsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=83557C9B0E94FCB9D5181D928563991C,SHA256=11FAEB577FAF552BE4FF2275195CD0B3471228EE56C25D38DE5261BF87DF48BA,IMPHASH=9C33C8C3DCCAC65606FE5A9180D15924{C36AC009-F3EC-65EE-0A00-000000005403}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x80000000000000001858Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:11.161{C36AC009-F3EF-65EE-1500-000000005403}1212C:\Windows\System32\dwm.exe10.0.14393.0 (rs1_release.160715-1616)Desktop Window ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationdwm.exe"dwm.exe"C:\Windows\system32\Window Manager\DWM-1{C36AC009-F3EF-65EE-BBB8-000000000000}0xb8bb1SystemMD5=C89F159A577F19F7F03C73C98D29D841,SHA256=B3E37997C1C62DD90D69EF83D6A6FC782BF9A5B8AD04A0D1528A8B7FA31AA408,IMPHASH=DDB7DE3741333EE031929A760FCD4542{C36AC009-F3EB-65EE-0900-000000005403}576C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x80000000000000001857Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:11.097{C36AC009-F3EF-65EE-1100-000000005403}776C:\Windows\System32\svchost.exe10.0.14393.5582 (rs1_release.221130-1719)Host Process for Windows ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationsvchost.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\NT AUTHORITY\LOCAL SERVICE{C36AC009-F3EF-65EE-E503-000000000000}0x3e50SystemMD5=83557C9B0E94FCB9D5181D928563991C,SHA256=11FAEB577FAF552BE4FF2275195CD0B3471228EE56C25D38DE5261BF87DF48BA,IMPHASH=9C33C8C3DCCAC65606FE5A9180D15924{C36AC009-F3EC-65EE-0A00-000000005403}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x80000000000000001856Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:11.080{C36AC009-F3EF-65EE-0F00-000000005403}96C:\Windows\System32\svchost.exe10.0.14393.5582 (rs1_release.221130-1719)Host Process for Windows ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationsvchost.exeC:\Windows\System32\svchost.exe -k termsvcsC:\Windows\system32\NT AUTHORITY\NETWORK SERVICE{C36AC009-F3EE-65EE-E403-000000000000}0x3e40SystemMD5=83557C9B0E94FCB9D5181D928563991C,SHA256=11FAEB577FAF552BE4FF2275195CD0B3471228EE56C25D38DE5261BF87DF48BA,IMPHASH=9C33C8C3DCCAC65606FE5A9180D15924{C36AC009-F3EC-65EE-0A00-000000005403}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x80000000000000001855Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:11.079{C36AC009-F3EF-65EE-0E00-000000005403}384C:\Windows\System32\LogonUI.exe10.0.14393.0 (rs1_release.160715-1616)Windows Logon User Interface HostMicrosoft® Windows® Operating SystemMicrosoft Corporationlogonui.exe"LogonUI.exe" /flags:0x2 /state0:0xa3b5f055 /state1:0x41c64e6dC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e71SystemMD5=B38DFCF985D8AE5B1A17C264981E61C7,SHA256=AA62D29803D52EC06CD27ED3124E034048F09606EB7342181913C9817C7B44C5,IMPHASH=A6F3A84D171E55B51A7343E05C8DFAC3{C36AC009-F3EB-65EE-0900-000000005403}576C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x80000000000000001854Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:10.775{C36AC009-F3EE-65EE-0C00-000000005403}868C:\Windows\System32\svchost.exe10.0.14393.5582 (rs1_release.221130-1719)Host Process for Windows ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationsvchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=83557C9B0E94FCB9D5181D928563991C,SHA256=11FAEB577FAF552BE4FF2275195CD0B3471228EE56C25D38DE5261BF87DF48BA,IMPHASH=9C33C8C3DCCAC65606FE5A9180D15924{C36AC009-F3EC-65EE-0A00-000000005403}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x80000000000000001835Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:08.597{C36AC009-F3EC-65EE-0B00-000000005403}636C:\Windows\System32\lsass.exe10.0.14393.4704 (rs1_release.211004-1917)Local Security Authority ProcessMicrosoft® Windows® Operating SystemMicrosoft Corporationlsass.exeC:\Windows\system32\lsass.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=93212FD52A9CD5ADDAD2FD2A779355D2,SHA256=95888DAEFD187FAC9C979387F75FF3628548E7DDF5D70AD489CF996B9CAD7193,IMPHASH=D6BD93CD721B30625A910C53F829499B{C36AC009-F3EB-65EE-0700-000000005403}488C:\Windows\System32\wininit.exewininit.exeNT AUTHORITY\SYSTEM 154100x80000000000000001834Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:08.558{C36AC009-F3EC-65EE-0A00-000000005403}628C:\Windows\System32\services.exe10.0.14393.4169 (rs1_release.210107-1130)Services and Controller appMicrosoft® Windows® Operating SystemMicrosoft Corporationservices.exeC:\Windows\system32\services.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=FEFC26105685C70D7260170489B5B520,SHA256=930F44F9A599937BDB23CF0C7EA4D158991B837D2A0975C15686CDD4198808E8,IMPHASH=A1C9FD59764D67AA201947276212F7CF{C36AC009-F3EB-65EE-0700-000000005403}488C:\Windows\System32\wininit.exewininit.exeNT AUTHORITY\SYSTEM 154100x80000000000000001833Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:07.934{C36AC009-F3EB-65EE-0900-000000005403}576C:\Windows\System32\winlogon.exe10.0.14393.3204 (rs1_release.190830-1500)Windows Logon ApplicationMicrosoft® Windows® Operating SystemMicrosoft CorporationWINLOGON.EXEwinlogon.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e71SystemMD5=DEA4CE12F24601830083126E18A2C7C9,SHA256=F002F8C2EA49D21F242996E3D57F5FDD7995FE6DB524BB69BBD7F190CC0211A9,IMPHASH=3CF10D94C117DB4F6E9D523B93429D6D{C36AC009-F3EB-65EE-0600-000000005403}480C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000f0 0000007c NT AUTHORITY\SYSTEM 154100x80000000000000001832Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:07.584{C36AC009-F3EB-65EE-0700-000000005403}488C:\Windows\System32\wininit.exe10.0.14393.5582 (rs1_release.221130-1719)Windows Start-Up ApplicationMicrosoft® Windows® Operating SystemMicrosoft CorporationWinInit.exewininit.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=BF2E08F50F3E361EA04CC57147728352,SHA256=059966B74A344FB6347E4DC9478FC1E8760CC2EA3B63B552D10EBBB933B78D05,IMPHASH=C8D526C4E61942E1B11AE4B7EE2DDE5D{C36AC009-F3EA-65EE-0400-000000005403}408C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000c0 0000007c NT AUTHORITY\SYSTEM 154100x80000000000000001831Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:07.587{C36AC009-F3EB-65EE-0800-000000005403}496C:\Windows\System32\csrss.exe10.0.14393.2969 (rs1_release.190503-1820)Client Server Runtime ProcessMicrosoft® Windows® Operating SystemMicrosoft CorporationCSRSS.Exe%%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e71SystemMD5=955E9227AA30A08B7465C109B863B886,SHA256=D896480BC8523FAD3AE152C81A2B572022C3778A34A6D85E089D150A68E9165E,IMPHASH=273BC9D936389D79244E6E56BE5096B6{C36AC009-F3EB-65EE-0600-000000005403}480C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000f0 0000007c NT AUTHORITY\SYSTEM 154100x80000000000000001830Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:07.582{C36AC009-F3EB-65EE-0600-000000005403}480C:\Windows\System32\smss.exe10.0.14393.2969 (rs1_release.190503-1820)Windows Session ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationsmss.exe\SystemRoot\System32\smss.exe 000000f0 0000007c C:\Windows\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e71SystemMD5=725EC50D4B0F607BF5B45B5E0115770B,SHA256=56881BCAEAC350107A6453F38F020FE0E284DBE2E8A6F37ED482985E0DD98EA7,IMPHASH=09DDECA5943933973FE7DDDD24ED724A{C36AC009-F3E9-65EE-0200-000000005403}320C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exeNT AUTHORITY\SYSTEM 154100x80000000000000001829Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:06.248{C36AC009-F3EA-65EE-0500-000000005403}416C:\Windows\System32\csrss.exe10.0.14393.2969 (rs1_release.190503-1820)Client Server Runtime ProcessMicrosoft® Windows® Operating SystemMicrosoft CorporationCSRSS.Exe%%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=955E9227AA30A08B7465C109B863B886,SHA256=D896480BC8523FAD3AE152C81A2B572022C3778A34A6D85E089D150A68E9165E,IMPHASH=273BC9D936389D79244E6E56BE5096B6{C36AC009-F3EA-65EE-0400-000000005403}408C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000c0 0000007c NT AUTHORITY\SYSTEM 154100x80000000000000001828Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:06.157{C36AC009-F3EA-65EE-0400-000000005403}408C:\Windows\System32\smss.exe10.0.14393.2969 (rs1_release.190503-1820)Windows Session ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationsmss.exe\SystemRoot\System32\smss.exe 000000c0 0000007c C:\Windows\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=725EC50D4B0F607BF5B45B5E0115770B,SHA256=56881BCAEAC350107A6453F38F020FE0E284DBE2E8A6F37ED482985E0DD98EA7,IMPHASH=09DDECA5943933973FE7DDDD24ED724A{C36AC009-F3E9-65EE-0200-000000005403}320C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exeNT AUTHORITY\SYSTEM 154100x80000000000000001825Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:07:05.620{C36AC009-F3E9-65EE-0300-000000005403}360C:\Windows\System32\autochk.exe10.0.14393.4350 (rs1_release.210407-2154)Auto Check UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationAutoChk.Exe\??\C:\Windows\system32\autochk.exe /q /v *C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F3EC-65EE-E703-000000000000}0x3e70SystemMD5=A512733E2C767F87A8029400B4A48CD0,SHA256=1ED75EB59C2897304E0160E0605071178418802C31910D78A2076B0414047875,IMPHASH=1BF5E4792E849FE3BCFE23E7C1B21A3F{C36AC009-F3E9-65EE-0200-000000005403}320C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exeNT AUTHORITY\SYSTEM 154100x80000000000000001820Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:06:56.020{C36AC009-F3E0-65EE-9201-000000005303}1252C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-0000-0000-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F345-65EE-4500-000000005303}2812C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001819Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:06:55.994{C36AC009-F3DF-65EE-9101-000000005303}2724C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-0000-0000-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F345-65EE-4500-000000005303}2812C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001818Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:06:55.969{C36AC009-F3DF-65EE-9001-000000005303}4012C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-0000-0000-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F345-65EE-4500-000000005303}2812C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001817Microsoft-Windows-Sysmon/Operationalar-win.attackrange.local-2024-03-11 12:06:55.943{C36AC009-F3DF-65EE-8F01-000000005303}2624C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-0000-0000-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F345-65EE-4500-000000005303}2812C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x80000000000000001816Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:06:54.935{C36AC009-F3DE-65EE-8E01-000000005303}2432C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2524--- 154100x80000000000000001815Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:06:53.589{C36AC009-F3DD-65EE-8D01-000000005303}2256C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}2524--- 154100x80000000000000001814Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:06:52.760{C36AC009-F3DC-65EE-8C01-000000005303}432C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe9.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=D4A01A34CB462A5ADD183B781180FE24,SHA256=CE12A30F916D7CCD57C024B6991DC4D5A80596B187E06FD3E34E0405D19D1714,IMPHASH=0B3917FB5306BF16B3F2D78E6FD4AC61{00000000-0000-0000-0000-000000000000}2524--- 154100x80000000000000001813Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:06:52.017{C36AC009-F3DC-65EE-8B01-000000005303}3744C:\Windows\System32\shutdown.exe10.0.14393.0 (rs1_release.160715-1616)Windows Shutdown and Annotation ToolMicrosoft® Windows® Operating SystemMicrosoft CorporationSHUTDOWN.EXE"C:\Windows\system32\shutdown.exe" /r /t 2 /c "Reboot initiated by Ansible"C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F3DA-65EE-771C-170000000000}0x171c770HighMD5=547993395376742A437D3145AF6B0309,SHA256=F96073C3442EA0A99B4945394007602772DB36732D1511DC2068519526678F8A,IMPHASH=609F1D7580ED496A3076AEBA77DAFC7E{C36AC009-F3DB-65EE-8901-000000005303}4084C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAQwBvAG4AdABpAG4AdQBlACcACgBpAGYAIAAoACQAVAByAHUAZQApACAAewAKAFIAZQBtAG8AdgBlAC0ASQB0AGUAbQAgAC0ATABpAHQAZQByAGEAbABQAGEAdABoACAAJwBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABOAFQAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABXAGkAbgBsAG8AZwBvAG4AXABBAHUAdABvAEwAbwBnAG8AbgBDAGgAZQBjAGsAZQBkACcAIAAtAEYAbwByAGMAZQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAKAH0ACgAkAHMAdABkAG8AdQB0ACAAPQAgACQAbgB1AGwAbAAKACQAcwB0AGQAZQByAHIAIAA9ACAALgAgAHsAIABzAGgAdQB0AGQAbwB3AG4ALgBlAHgAZQAgAC8AcgAgAC8AdAAgADIAIAAvAGMAIAAnAFIAZQBiAG8AbwB0ACAAaQBuAGkAdABpAGEAdABlAGQAIABiAHkAIABBAG4AcwBpAGIAbABlACcAIAB8ACAAUwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABzAHQAZABvAHUAdAAgAH0AIAAyAD4AJgAxACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAFQAbwBTAHQAcgBpAG4AZwAKAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgAgAC0AQwBvAG0AcAByAGUAcwBzACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIABAAHsACgBzAHQAZABvAHUAdAAgAD0AIAAoAEAAKAAkAHMAdABkAG8AdQB0ACkAIAAtAGoAbwBpAG4AIAAiAGAAbgAiACkACgBzAHQAZABlAHIAcgAgAD0AIAAoAEAAKAAkAHMAdABkAGUAcgByACkAIAAtAGoAbwBpAG4AIAAiAGAAbgAiACkACgByAGMAIAA9ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAKAH0ACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0AAR-WIN\Administrator 154100x80000000000000001812Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:06:51.993{C36AC009-F3DB-65EE-8A01-000000005303}3456C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}2524--- 154100x80000000000000001810Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:06:51.796{C36AC009-F3DB-65EE-8901-000000005303}4084C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAQwBvAG4AdABpAG4AdQBlACcACgBpAGYAIAAoACQAVAByAHUAZQApACAAewAKAFIAZQBtAG8AdgBlAC0ASQB0AGUAbQAgAC0ATABpAHQAZQByAGEAbABQAGEAdABoACAAJwBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABOAFQAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABXAGkAbgBsAG8AZwBvAG4AXABBAHUAdABvAEwAbwBnAG8AbgBDAGgAZQBjAGsAZQBkACcAIAAtAEYAbwByAGMAZQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAKAH0ACgAkAHMAdABkAG8AdQB0ACAAPQAgACQAbgB1AGwAbAAKACQAcwB0AGQAZQByAHIAIAA9ACAALgAgAHsAIABzAGgAdQB0AGQAbwB3AG4ALgBlAHgAZQAgAC8AcgAgAC8AdAAgADIAIAAvAGMAIAAnAFIAZQBiAG8AbwB0ACAAaQBuAGkAdABpAGEAdABlAGQAIABiAHkAIABBAG4AcwBpAGIAbABlACcAIAB8ACAAUwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABzAHQAZABvAHUAdAAgAH0AIAAyAD4AJgAxACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAFQAbwBTAHQAcgBpAG4AZwAKAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgAgAC0AQwBvAG0AcAByAGUAcwBzACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIABAAHsACgBzAHQAZABvAHUAdAAgAD0AIAAoAEAAKAAkAHMAdABkAG8AdQB0ACkAIAAtAGoAbwBpAG4AIAAiAGAAbgAiACkACgBzAHQAZABlAHIAcgAgAD0AIAAoAEAAKAAkAHMAdABkAGUAcgByACkAIAAtAGoAbwBpAG4AIAAiAGAAbgAiACkACgByAGMAIAA9ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAKAH0ACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0AC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F3DA-65EE-771C-170000000000}0x171c770HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F3DB-65EE-8801-000000005303}96C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgBRAEEASABJAEEAWgBRAEIAbQBBAEcAVQBBAGMAZwBCAGwAQQBHADQAQQBZAHcAQgBsAEEAQwBBAEEAUABRAEEAZwBBAEMAYwBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAYwBBAEMAZwBCAHAAQQBHAFkAQQBJAEEAQQBvAEEAQwBRAEEAVgBBAEIAeQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBLAEEARgBJAEEAWgBRAEIAdABBAEcAOABBAGQAZwBCAGwAQQBDADAAQQBTAFEAQgAwAEEARwBVAEEAYgBRAEEAZwBBAEMAMABBAFQAQQBCAHAAQQBIAFEAQQBaAFEAQgB5AEEARwBFAEEAYgBBAEIAUQBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBKAHcAQgBJAEEARQBzAEEAVABBAEIATgBBAEQAbwBBAFgAQQBCAFQAQQBFADgAQQBSAGcAQgBVAEEARgBjAEEAUQBRAEIAUwBBAEUAVQBBAFgAQQBCAE4AQQBHAGsAQQBZAHcAQgB5AEEARwA4AEEAYwB3AEIAdgBBAEcAWQBBAGQAQQBCAGMAQQBGAGMAQQBhAFEAQgB1AEEARwBRAEEAYgB3AEIAMwBBAEgATQBBAEkAQQBCAE8AQQBGAFEAQQBYAEEAQgBEAEEASABVAEEAYwBnAEIAeQBBAEcAVQBBAGIAZwBCADAAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAQQBCAFgAQQBHAGsAQQBiAGcAQgBzAEEARwA4AEEAWgB3AEIAdgBBAEcANABBAFgAQQBCAEIAQQBIAFUAQQBkAEEAQgB2AEEARQB3AEEAYgB3AEIAbgBBAEcAOABBAGIAZwBCAEQAQQBHAGcAQQBaAFEAQgBqAEEARwBzAEEAWgBRAEIAawBBAEMAYwBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAEsAQQBIADAAQQBDAGcAQQBrAEEASABNAEEAZABBAEIAawBBAEcAOABBAGQAUQBCADAAQQBDAEEAQQBQAFEAQQBnAEEAQwBRAEEAYgBnAEIAMQBBAEcAdwBBAGIAQQBBAEsAQQBDAFEAQQBjAHcAQgAwAEEARwBRAEEAWgBRAEIAeQBBAEgASQBBAEkAQQBBADkAQQBDAEEAQQBMAGcAQQBnAEEASABzAEEASQBBAEIAegBBAEcAZwBBAGQAUQBCADAAQQBHAFEAQQBiAHcAQgAzAEEARwA0AEEATABnAEIAbABBAEgAZwBBAFoAUQBBAGcAQQBDADgAQQBjAGcAQQBnAEEAQwA4AEEAZABBAEEAZwBBAEQASQBBAEkAQQBBAHYAQQBHAE0AQQBJAEEAQQBuAEEARgBJAEEAWgBRAEIAaQBBAEcAOABBAGIAdwBCADAAQQBDAEEAQQBhAFEAQgB1AEEARwBrAEEAZABBAEIAcABBAEcARQBBAGQAQQBCAGwAQQBHAFEAQQBJAEEAQgBpAEEASABrAEEASQBBAEIAQgBBAEcANABBAGMAdwBCAHAAQQBHAEkAQQBiAEEAQgBsAEEAQwBjAEEASQBBAEIAOABBAEMAQQBBAFUAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgB6AEEASABRAEEAWgBBAEIAdgBBAEgAVQBBAGQAQQBBAGcAQQBIADAAQQBJAEEAQQB5AEEARAA0AEEASgBnAEEAeABBAEMAQQBBAGYAQQBBAGcAQQBFAFkAQQBiAHcAQgB5AEEARQBVAEEAWQBRAEIAagBBAEcAZwBBAEwAUQBCAFAAQQBHAEkAQQBhAGcAQgBsAEEARwBNAEEAZABBAEEAZwBBAEYAUQBBAGIAdwBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwA0AEEAWgB3AEEASwBBAEUATQBBAGIAdwBCAHUAQQBIAFkAQQBaAFEAQgB5AEEASABRAEEAVgBBAEIAdgBBAEMAMABBAFMAZwBCAHoAQQBHADgAQQBiAGcAQQBnAEEAQwAwAEEAUQB3AEIAdgBBAEcAMABBAGMAQQBCAHkAQQBHAFUAQQBjAHcAQgB6AEEAQwBBAEEATABRAEIASgBBAEcANABBAGMAQQBCADEAQQBIAFEAQQBUAHcAQgBpAEEARwBvAEEAWgBRAEIAagBBAEgAUQBBAEkAQQBCAEEAQQBIAHMAQQBDAGcAQgB6AEEASABRAEEAWgBBAEIAdgBBAEgAVQBBAGQAQQBBAGcAQQBEADAAQQBJAEEAQQBvAEEARQBBAEEASwBBAEEAawBBAEgATQBBAGQAQQBCAGsAQQBHADgAQQBkAFEAQgAwAEEAQwBrAEEASQBBAEEAdABBAEcAbwBBAGIAdwBCAHAAQQBHADQAQQBJAEEAQQBpAEEARwBBAEEAYgBnAEEAaQBBAEMAawBBAEMAZwBCAHoAQQBIAFEAQQBaAEEAQgBsAEEASABJAEEAYwBnAEEAZwBBAEQAMABBAEkAQQBBAG8AQQBFAEEAQQBLAEEAQQBrAEEASABNAEEAZABBAEIAawBBAEcAVQBBAGMAZwBCAHkAQQBDAGsAQQBJAEEAQQB0AEEARwBvAEEAYgB3AEIAcABBAEcANABBAEkAQQBBAGkAQQBHAEEAQQBiAGcAQQBpAEEAQwBrAEEAQwBnAEIAeQBBAEcATQBBAEkAQQBBADkAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEASwBBAEgAMABBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==AR-WIN\Administrator 154100x80000000000000001808Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:06:51.680{C36AC009-F3DB-65EE-8801-000000005303}96C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgBRAEEASABJAEEAWgBRAEIAbQBBAEcAVQBBAGMAZwBCAGwAQQBHADQAQQBZAHcAQgBsAEEAQwBBAEEAUABRAEEAZwBBAEMAYwBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAYwBBAEMAZwBCAHAAQQBHAFkAQQBJAEEAQQBvAEEAQwBRAEEAVgBBAEIAeQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBLAEEARgBJAEEAWgBRAEIAdABBAEcAOABBAGQAZwBCAGwAQQBDADAAQQBTAFEAQgAwAEEARwBVAEEAYgBRAEEAZwBBAEMAMABBAFQAQQBCAHAAQQBIAFEAQQBaAFEAQgB5AEEARwBFAEEAYgBBAEIAUQBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBKAHcAQgBJAEEARQBzAEEAVABBAEIATgBBAEQAbwBBAFgAQQBCAFQAQQBFADgAQQBSAGcAQgBVAEEARgBjAEEAUQBRAEIAUwBBAEUAVQBBAFgAQQBCAE4AQQBHAGsAQQBZAHcAQgB5AEEARwA4AEEAYwB3AEIAdgBBAEcAWQBBAGQAQQBCAGMAQQBGAGMAQQBhAFEAQgB1AEEARwBRAEEAYgB3AEIAMwBBAEgATQBBAEkAQQBCAE8AQQBGAFEAQQBYAEEAQgBEAEEASABVAEEAYwBnAEIAeQBBAEcAVQBBAGIAZwBCADAAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAQQBCAFgAQQBHAGsAQQBiAGcAQgBzAEEARwA4AEEAWgB3AEIAdgBBAEcANABBAFgAQQBCAEIAQQBIAFUAQQBkAEEAQgB2AEEARQB3AEEAYgB3AEIAbgBBAEcAOABBAGIAZwBCAEQAQQBHAGcAQQBaAFEAQgBqAEEARwBzAEEAWgBRAEIAawBBAEMAYwBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAEsAQQBIADAAQQBDAGcAQQBrAEEASABNAEEAZABBAEIAawBBAEcAOABBAGQAUQBCADAAQQBDAEEAQQBQAFEAQQBnAEEAQwBRAEEAYgBnAEIAMQBBAEcAdwBBAGIAQQBBAEsAQQBDAFEAQQBjAHcAQgAwAEEARwBRAEEAWgBRAEIAeQBBAEgASQBBAEkAQQBBADkAQQBDAEEAQQBMAGcAQQBnAEEASABzAEEASQBBAEIAegBBAEcAZwBBAGQAUQBCADAAQQBHAFEAQQBiAHcAQgAzAEEARwA0AEEATABnAEIAbABBAEgAZwBBAFoAUQBBAGcAQQBDADgAQQBjAGcAQQBnAEEAQwA4AEEAZABBAEEAZwBBAEQASQBBAEkAQQBBAHYAQQBHAE0AQQBJAEEAQQBuAEEARgBJAEEAWgBRAEIAaQBBAEcAOABBAGIAdwBCADAAQQBDAEEAQQBhAFEAQgB1AEEARwBrAEEAZABBAEIAcABBAEcARQBBAGQAQQBCAGwAQQBHAFEAQQBJAEEAQgBpAEEASABrAEEASQBBAEIAQgBBAEcANABBAGMAdwBCAHAAQQBHAEkAQQBiAEEAQgBsAEEAQwBjAEEASQBBAEIAOABBAEMAQQBBAFUAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgB6AEEASABRAEEAWgBBAEIAdgBBAEgAVQBBAGQAQQBBAGcAQQBIADAAQQBJAEEAQQB5AEEARAA0AEEASgBnAEEAeABBAEMAQQBBAGYAQQBBAGcAQQBFAFkAQQBiAHcAQgB5AEEARQBVAEEAWQBRAEIAagBBAEcAZwBBAEwAUQBCAFAAQQBHAEkAQQBhAGcAQgBsAEEARwBNAEEAZABBAEEAZwBBAEYAUQBBAGIAdwBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwA0AEEAWgB3AEEASwBBAEUATQBBAGIAdwBCAHUAQQBIAFkAQQBaAFEAQgB5AEEASABRAEEAVgBBAEIAdgBBAEMAMABBAFMAZwBCAHoAQQBHADgAQQBiAGcAQQBnAEEAQwAwAEEAUQB3AEIAdgBBAEcAMABBAGMAQQBCAHkAQQBHAFUAQQBjAHcAQgB6AEEAQwBBAEEATABRAEIASgBBAEcANABBAGMAQQBCADEAQQBIAFEAQQBUAHcAQgBpAEEARwBvAEEAWgBRAEIAagBBAEgAUQBBAEkAQQBCAEEAQQBIAHMAQQBDAGcAQgB6AEEASABRAEEAWgBBAEIAdgBBAEgAVQBBAGQAQQBBAGcAQQBEADAAQQBJAEEAQQBvAEEARQBBAEEASwBBAEEAawBBAEgATQBBAGQAQQBCAGsAQQBHADgAQQBkAFEAQgAwAEEAQwBrAEEASQBBAEEAdABBAEcAbwBBAGIAdwBCAHAAQQBHADQAQQBJAEEAQQBpAEEARwBBAEEAYgBnAEEAaQBBAEMAawBBAEMAZwBCAHoAQQBIAFEAQQBaAEEAQgBsAEEASABJAEEAYwBnAEEAZwBBAEQAMABBAEkAQQBBAG8AQQBFAEEAQQBLAEEAQQBrAEEASABNAEEAZABBAEIAawBBAEcAVQBBAGMAZwBCAHkAQQBDAGsAQQBJAEEAQQB0AEEARwBvAEEAYgB3AEIAcABBAEcANABBAEkAQQBBAGkAQQBHAEEAQQBiAGcAQQBpAEEAQwBrAEEAQwBnAEIAeQBBAEcATQBBAEkAQQBBADkAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEASwBBAEgAMABBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F3DA-65EE-771C-170000000000}0x171c770HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F3DB-65EE-8701-000000005303}1212C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgBRAEEASABJAEEAWgBRAEIAbQBBAEcAVQBBAGMAZwBCAGwAQQBHADQAQQBZAHcAQgBsAEEAQwBBAEEAUABRAEEAZwBBAEMAYwBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAYwBBAEMAZwBCAHAAQQBHAFkAQQBJAEEAQQBvAEEAQwBRAEEAVgBBAEIAeQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBLAEEARgBJAEEAWgBRAEIAdABBAEcAOABBAGQAZwBCAGwAQQBDADAAQQBTAFEAQgAwAEEARwBVAEEAYgBRAEEAZwBBAEMAMABBAFQAQQBCAHAAQQBIAFEAQQBaAFEAQgB5AEEARwBFAEEAYgBBAEIAUQBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBKAHcAQgBJAEEARQBzAEEAVABBAEIATgBBAEQAbwBBAFgAQQBCAFQAQQBFADgAQQBSAGcAQgBVAEEARgBjAEEAUQBRAEIAUwBBAEUAVQBBAFgAQQBCAE4AQQBHAGsAQQBZAHcAQgB5AEEARwA4AEEAYwB3AEIAdgBBAEcAWQBBAGQAQQBCAGMAQQBGAGMAQQBhAFEAQgB1AEEARwBRAEEAYgB3AEIAMwBBAEgATQBBAEkAQQBCAE8AQQBGAFEAQQBYAEEAQgBEAEEASABVAEEAYwBnAEIAeQBBAEcAVQBBAGIAZwBCADAAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAQQBCAFgAQQBHAGsAQQBiAGcAQgBzAEEARwA4AEEAWgB3AEIAdgBBAEcANABBAFgAQQBCAEIAQQBIAFUAQQBkAEEAQgB2AEEARQB3AEEAYgB3AEIAbgBBAEcAOABBAGIAZwBCAEQAQQBHAGcAQQBaAFEAQgBqAEEARwBzAEEAWgBRAEIAawBBAEMAYwBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAEsAQQBIADAAQQBDAGcAQQBrAEEASABNAEEAZABBAEIAawBBAEcAOABBAGQAUQBCADAAQQBDAEEAQQBQAFEAQQBnAEEAQwBRAEEAYgBnAEIAMQBBAEcAdwBBAGIAQQBBAEsAQQBDAFEAQQBjAHcAQgAwAEEARwBRAEEAWgBRAEIAeQBBAEgASQBBAEkAQQBBADkAQQBDAEEAQQBMAGcAQQBnAEEASABzAEEASQBBAEIAegBBAEcAZwBBAGQAUQBCADAAQQBHAFEAQQBiAHcAQgAzAEEARwA0AEEATABnAEIAbABBAEgAZwBBAFoAUQBBAGcAQQBDADgAQQBjAGcAQQBnAEEAQwA4AEEAZABBAEEAZwBBAEQASQBBAEkAQQBBAHYAQQBHAE0AQQBJAEEAQQBuAEEARgBJAEEAWgBRAEIAaQBBAEcAOABBAGIAdwBCADAAQQBDAEEAQQBhAFEAQgB1AEEARwBrAEEAZABBAEIAcABBAEcARQBBAGQAQQBCAGwAQQBHAFEAQQBJAEEAQgBpAEEASABrAEEASQBBAEIAQgBBAEcANABBAGMAdwBCAHAAQQBHAEkAQQBiAEEAQgBsAEEAQwBjAEEASQBBAEIAOABBAEMAQQBBAFUAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgB6AEEASABRAEEAWgBBAEIAdgBBAEgAVQBBAGQAQQBBAGcAQQBIADAAQQBJAEEAQQB5AEEARAA0AEEASgBnAEEAeABBAEMAQQBBAGYAQQBBAGcAQQBFAFkAQQBiAHcAQgB5AEEARQBVAEEAWQBRAEIAagBBAEcAZwBBAEwAUQBCAFAAQQBHAEkAQQBhAGcAQgBsAEEARwBNAEEAZABBAEEAZwBBAEYAUQBBAGIAdwBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwA0AEEAWgB3AEEASwBBAEUATQBBAGIAdwBCAHUAQQBIAFkAQQBaAFEAQgB5AEEASABRAEEAVgBBAEIAdgBBAEMAMABBAFMAZwBCAHoAQQBHADgAQQBiAGcAQQBnAEEAQwAwAEEAUQB3AEIAdgBBAEcAMABBAGMAQQBCAHkAQQBHAFUAQQBjAHcAQgB6AEEAQwBBAEEATABRAEIASgBBAEcANABBAGMAQQBCADEAQQBIAFEAQQBUAHcAQgBpAEEARwBvAEEAWgBRAEIAagBBAEgAUQBBAEkAQQBCAEEAQQBIAHMAQQBDAGcAQgB6AEEASABRAEEAWgBBAEIAdgBBAEgAVQBBAGQAQQBBAGcAQQBEADAAQQBJAEEAQQBvAEEARQBBAEEASwBBAEEAawBBAEgATQBBAGQAQQBCAGsAQQBHADgAQQBkAFEAQgAwAEEAQwBrAEEASQBBAEEAdABBAEcAbwBBAGIAdwBCAHAAQQBHADQAQQBJAEEAQQBpAEEARwBBAEEAYgBnAEEAaQBBAEMAawBBAEMAZwBCAHoAQQBIAFEAQQBaAEEAQgBsAEEASABJAEEAYwBnAEEAZwBBAEQAMABBAEkAQQBBAG8AQQBFAEEAQQBLAEEAQQBrAEEASABNAEEAZABBAEIAawBBAEcAVQBBAGMAZwBCAHkAQQBDAGsAQQBJAEEAQQB0AEEARwBvAEEAYgB3AEIAcABBAEcANABBAEkAQQBBAGkAQQBHAEEAQQBiAGcAQQBpAEEAQwBrAEEAQwBnAEIAeQBBAEcATQBBAEkAQQBBADkAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEASwBBAEgAMABBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==AR-WIN\Administrator 154100x80000000000000001807Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:06:51.675{C36AC009-F3DB-65EE-8701-000000005303}1212C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgBRAEEASABJAEEAWgBRAEIAbQBBAEcAVQBBAGMAZwBCAGwAQQBHADQAQQBZAHcAQgBsAEEAQwBBAEEAUABRAEEAZwBBAEMAYwBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAYwBBAEMAZwBCAHAAQQBHAFkAQQBJAEEAQQBvAEEAQwBRAEEAVgBBAEIAeQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBLAEEARgBJAEEAWgBRAEIAdABBAEcAOABBAGQAZwBCAGwAQQBDADAAQQBTAFEAQgAwAEEARwBVAEEAYgBRAEEAZwBBAEMAMABBAFQAQQBCAHAAQQBIAFEAQQBaAFEAQgB5AEEARwBFAEEAYgBBAEIAUQBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBKAHcAQgBJAEEARQBzAEEAVABBAEIATgBBAEQAbwBBAFgAQQBCAFQAQQBFADgAQQBSAGcAQgBVAEEARgBjAEEAUQBRAEIAUwBBAEUAVQBBAFgAQQBCAE4AQQBHAGsAQQBZAHcAQgB5AEEARwA4AEEAYwB3AEIAdgBBAEcAWQBBAGQAQQBCAGMAQQBGAGMAQQBhAFEAQgB1AEEARwBRAEEAYgB3AEIAMwBBAEgATQBBAEkAQQBCAE8AQQBGAFEAQQBYAEEAQgBEAEEASABVAEEAYwBnAEIAeQBBAEcAVQBBAGIAZwBCADAAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAQQBCAFgAQQBHAGsAQQBiAGcAQgBzAEEARwA4AEEAWgB3AEIAdgBBAEcANABBAFgAQQBCAEIAQQBIAFUAQQBkAEEAQgB2AEEARQB3AEEAYgB3AEIAbgBBAEcAOABBAGIAZwBCAEQAQQBHAGcAQQBaAFEAQgBqAEEARwBzAEEAWgBRAEIAawBBAEMAYwBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAEsAQQBIADAAQQBDAGcAQQBrAEEASABNAEEAZABBAEIAawBBAEcAOABBAGQAUQBCADAAQQBDAEEAQQBQAFEAQQBnAEEAQwBRAEEAYgBnAEIAMQBBAEcAdwBBAGIAQQBBAEsAQQBDAFEAQQBjAHcAQgAwAEEARwBRAEEAWgBRAEIAeQBBAEgASQBBAEkAQQBBADkAQQBDAEEAQQBMAGcAQQBnAEEASABzAEEASQBBAEIAegBBAEcAZwBBAGQAUQBCADAAQQBHAFEAQQBiAHcAQgAzAEEARwA0AEEATABnAEIAbABBAEgAZwBBAFoAUQBBAGcAQQBDADgAQQBjAGcAQQBnAEEAQwA4AEEAZABBAEEAZwBBAEQASQBBAEkAQQBBAHYAQQBHAE0AQQBJAEEAQQBuAEEARgBJAEEAWgBRAEIAaQBBAEcAOABBAGIAdwBCADAAQQBDAEEAQQBhAFEAQgB1AEEARwBrAEEAZABBAEIAcABBAEcARQBBAGQAQQBCAGwAQQBHAFEAQQBJAEEAQgBpAEEASABrAEEASQBBAEIAQgBBAEcANABBAGMAdwBCAHAAQQBHAEkAQQBiAEEAQgBsAEEAQwBjAEEASQBBAEIAOABBAEMAQQBBAFUAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgB6AEEASABRAEEAWgBBAEIAdgBBAEgAVQBBAGQAQQBBAGcAQQBIADAAQQBJAEEAQQB5AEEARAA0AEEASgBnAEEAeABBAEMAQQBBAGYAQQBBAGcAQQBFAFkAQQBiAHcAQgB5AEEARQBVAEEAWQBRAEIAagBBAEcAZwBBAEwAUQBCAFAAQQBHAEkAQQBhAGcAQgBsAEEARwBNAEEAZABBAEEAZwBBAEYAUQBBAGIAdwBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwA0AEEAWgB3AEEASwBBAEUATQBBAGIAdwBCAHUAQQBIAFkAQQBaAFEAQgB5AEEASABRAEEAVgBBAEIAdgBBAEMAMABBAFMAZwBCAHoAQQBHADgAQQBiAGcAQQBnAEEAQwAwAEEAUQB3AEIAdgBBAEcAMABBAGMAQQBCAHkAQQBHAFUAQQBjAHcAQgB6AEEAQwBBAEEATABRAEIASgBBAEcANABBAGMAQQBCADEAQQBIAFEAQQBUAHcAQgBpAEEARwBvAEEAWgBRAEIAagBBAEgAUQBBAEkAQQBCAEEAQQBIAHMAQQBDAGcAQgB6AEEASABRAEEAWgBBAEIAdgBBAEgAVQBBAGQAQQBBAGcAQQBEADAAQQBJAEEAQQBvAEEARQBBAEEASwBBAEEAawBBAEgATQBBAGQAQQBCAGsAQQBHADgAQQBkAFEAQgAwAEEAQwBrAEEASQBBAEEAdABBAEcAbwBBAGIAdwBCAHAAQQBHADQAQQBJAEEAQQBpAEEARwBBAEEAYgBnAEEAaQBBAEMAawBBAEMAZwBCAHoAQQBIAFEAQQBaAEEAQgBsAEEASABJAEEAYwBnAEEAZwBBAEQAMABBAEkAQQBBAG8AQQBFAEEAQQBLAEEAQQBrAEEASABNAEEAZABBAEIAawBBAEcAVQBBAGMAZwBCAHkAQQBDAGsAQQBJAEEAQQB0AEEARwBvAEEAYgB3AEIAcABBAEcANABBAEkAQQBBAGkAQQBHAEEAQQBiAGcAQQBpAEEAQwBrAEEAQwBnAEIAeQBBAEcATQBBAEkAQQBBADkAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEASwBBAEgAMABBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F3DA-65EE-771C-170000000000}0x171c770HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F3DA-65EE-8201-000000005303}1064C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingAR-WIN\Administrator 154100x80000000000000001805Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:06:50.991{C36AC009-F3DA-65EE-8601-000000005303}1516C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAoAEcAZQB0AC0AQwBpAG0ASQBuAHMAdABhAG4AYwBlACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACAALQBQAHIAbwBwAGUAcgB0AHkAIABMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAKQAuAEwAYQBzAHQAQgBvAG8AdABVAHAAVABpAG0AZQAuAFQAbwBGAGkAbABlAFQAaQBtAGUAKAApAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F3DA-65EE-771C-170000000000}0x171c770HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F3DA-65EE-8501-000000005303}2716C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AAR-WIN\Administrator 154100x80000000000000001803Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:06:50.878{C36AC009-F3DA-65EE-8501-000000005303}2716C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F3DA-65EE-771C-170000000000}0x171c770HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F3DA-65EE-8401-000000005303}4056C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AAR-WIN\Administrator 154100x80000000000000001802Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:06:50.873{C36AC009-F3DA-65EE-8401-000000005303}4056C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F3DA-65EE-771C-170000000000}0x171c770HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F3DA-65EE-8201-000000005303}1064C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingAR-WIN\Administrator 154100x80000000000000001801Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:06:50.651{C36AC009-F3DA-65EE-8201-000000005303}1064C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\AR-WIN\Administrator{C36AC009-F3DA-65EE-771C-170000000000}0x171c770HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F340-65EE-0C00-000000005303}732C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x80000000000000001782Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:06:46.787{C36AC009-F3D6-65EE-8001-000000005303}3324C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationCHCP.COM"C:\Windows\system32\chcp.com" 65001C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F3D6-65EE-879C-160000000000}0x169c870HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{C36AC009-F3D6-65EE-7F01-000000005303}3836C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==AR-WIN\Administrator 154100x80000000000000001780Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:06:46.667{C36AC009-F3D6-65EE-7F01-000000005303}3836C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F3D6-65EE-879C-160000000000}0x169c870HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F3D6-65EE-7E01-000000005303}3888C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AAR-WIN\Administrator 154100x80000000000000001778Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:06:46.550{C36AC009-F3D6-65EE-7E01-000000005303}3888C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F3D6-65EE-879C-160000000000}0x169c870HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F3D6-65EE-7D01-000000005303}3456C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AAR-WIN\Administrator 154100x80000000000000001777Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:06:46.545{C36AC009-F3D6-65EE-7D01-000000005303}3456C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F3D6-65EE-879C-160000000000}0x169c870HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F3D6-65EE-7B01-000000005303}3556C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingAR-WIN\Administrator 154100x80000000000000001776Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:06:46.323{C36AC009-F3D6-65EE-7B01-000000005303}3556C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\AR-WIN\Administrator{C36AC009-F3D6-65EE-879C-160000000000}0x169c870HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F340-65EE-0C00-000000005303}732C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x80000000000000001743Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:06:18.960{C36AC009-F3BA-65EE-7901-000000005303}1236C:\Windows\System32\msdtc.exe2001.12.10941.16384 (rs1_release.160715-1616)Microsoft Distributed Transaction Coordinator ServiceMicrosoft® Windows® Operating SystemMicrosoft CorporationMSDTC.EXEC:\Windows\System32\msdtc.exeC:\Windows\system32\NT AUTHORITY\NETWORK SERVICE{C36AC009-F340-65EE-E403-000000000000}0x3e40SystemMD5=308F08347923DEEDE7BC03EC7D485841,SHA256=72DB45CA11FE635DF9F8273C38CBEFB8DF5362ADA0CBF6D2B1E570365DC700C0,IMPHASH=D02F3DF332409C5D3F34BA2D38FC4ED4{C36AC009-F340-65EE-0A00-000000005303}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x80000000000000001738Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:58.398{C36AC009-F3A6-65EE-7701-000000005303}652C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationCHCP.COM"C:\Windows\system32\chcp.com" 65001C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F3A5-65EE-837A-100000000000}0x107a830HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{C36AC009-F3A6-65EE-7601-000000005303}1956C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==AR-WIN\Administrator 154100x80000000000000001736Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:58.279{C36AC009-F3A6-65EE-7601-000000005303}1956C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F3A5-65EE-837A-100000000000}0x107a830HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F3A6-65EE-7501-000000005303}3404C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AAR-WIN\Administrator 154100x80000000000000001734Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:58.165{C36AC009-F3A6-65EE-7501-000000005303}3404C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F3A5-65EE-837A-100000000000}0x107a830HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F3A6-65EE-7401-000000005303}3500C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AAR-WIN\Administrator 154100x80000000000000001733Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:58.160{C36AC009-F3A6-65EE-7401-000000005303}3500C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F3A5-65EE-837A-100000000000}0x107a830HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F3A5-65EE-7201-000000005303}92C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingAR-WIN\Administrator 154100x80000000000000001732Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:57.941{C36AC009-F3A5-65EE-7201-000000005303}92C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\AR-WIN\Administrator{C36AC009-F3A5-65EE-837A-100000000000}0x107a830HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F340-65EE-0C00-000000005303}732C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x80000000000000001731Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:56.751{C36AC009-F3A4-65EE-7101-000000005303}1016C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}2524--- 154100x80000000000000001730Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:55.847{C36AC009-F3A3-65EE-7001-000000005303}1956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2524--- 154100x80000000000000001728Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:54.896{C36AC009-F3A2-65EE-6B01-000000005303}2532C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2524--- 154100x80000000000000001726Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:54.734{C36AC009-F3A2-65EE-6A01-000000005303}2520C:\Windows\System32\vds.exe10.0.14393.4169 (rs1_release.210107-1130)Virtual Disk ServiceMicrosoft® Windows® Operating SystemMicrosoft Corporationvds.exeC:\Windows\System32\vds.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F43B67F8FB870A731294662603690C2F,SHA256=9707255C9778F9A8135BAA4F1A16FAC9EBF2991FD6AF937B232D5FA52D14AC33,IMPHASH=3F541E0A1D775ACA4A7D5FBDFF8433C5{C36AC009-F340-65EE-0A00-000000005303}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x80000000000000001725Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:54.713{C36AC009-F3A2-65EE-6901-000000005303}3708C:\Windows\System32\vdsldr.exe10.0.14393.4169 (rs1_release.210107-1130)Virtual Disk Service LoaderMicrosoft® Windows® Operating SystemMicrosoft Corporationvdsldr.exeC:\Windows\System32\vdsldr.exe -EmbeddingC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=B344B812DD6C294360563E52B2EF1C13,SHA256=0A4CA31848D7513F97F72D0292F5BBEE1CA409AAFFCACDE5369E12003B34118D,IMPHASH=D6207B24445355CEA1AC6C8E9A2BA2B9{C36AC009-F340-65EE-0C00-000000005303}732C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x80000000000000001724Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:54.707{C36AC009-F3A2-65EE-6801-000000005303}340C:\Windows\System32\dfssvc.exe10.0.14393.6451 (rs1_release.231103-1737)Windows NT Distributed File System ServiceMicrosoft® Windows® Operating SystemMicrosoft Corporationdfssvc.exeC:\Windows\system32\dfssvc.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=8ED9CB914E0D98533B14D12243D21DC5,SHA256=B6CA66D76A6F7CE506762B714E1EFC617CA8F84163CCC3E78E84175A0BF61B98,IMPHASH=C8B32AEEF22A97D88BD68D70385A1B30{C36AC009-F340-65EE-0A00-000000005303}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x80000000000000001723Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:54.655{C36AC009-F3A2-65EE-6701-000000005303}3336C:\Windows\System32\dfsrs.exe10.0.14393.4169 (rs1_release.210107-1130)Distributed File System ReplicationMicrosoft® Windows® Operating SystemMicrosoft Corporationdfsr.exeC:\Windows\system32\DFSRs.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F2483716D6C752FB448C7295AA3B49A1,SHA256=6B77249159D3C217694B52F0B1C75E0649486EF4A3FE4513CD41D81E7DEB709A,IMPHASH=C1481566D7D03EEC4CC460B52429BA9C{C36AC009-F340-65EE-0A00-000000005303}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x80000000000000001695Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:53.550{C36AC009-F3A1-65EE-6601-000000005303}1056C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}2524--- 154100x80000000000000001606Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:52.661{C36AC009-F3A0-65EE-6501-000000005303}1152C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe9.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=D4A01A34CB462A5ADD183B781180FE24,SHA256=CE12A30F916D7CCD57C024B6991DC4D5A80596B187E06FD3E34E0405D19D1714,IMPHASH=0B3917FB5306BF16B3F2D78E6FD4AC61{00000000-0000-0000-0000-000000000000}2524--- 154100x80000000000000001456Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:51.977{C36AC009-F39F-65EE-6401-000000005303}3868C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}2524--- 154100x80000000000000001245Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:42.884{C36AC009-F396-65EE-6301-000000005303}1080C:\Windows\Temp\8A558F9D-15CA-45BE-9CED-6A1B52316C7D\DismHost.exe10.0.14393.4169 (rs1_release.210107-1130)Dism Host Servicing ProcessMicrosoft® Windows® Operating SystemMicrosoft CorporationDismHost.exeC:\Windows\TEMP\8A558F9D-15CA-45BE-9CED-6A1B52316C7D\dismhost.exe {76FE74CD-A883-4A93-8A9A-FD4E4B7C0111}C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=A59C22B77871CC18970038B7FA43826F,SHA256=CB84B51713BAD689ABB96560E57A71B276D4B28B1C09C7116EE85F5782A1B144,IMPHASH=734010D3430DBD2CA51B599924FE1424{C36AC009-F365-65EE-3601-000000005303}3668C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\system32\wbem\wmiprvse.exeNT AUTHORITY\SYSTEM 154100x80000000000000001124Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:40.395{C36AC009-F394-65EE-6201-000000005303}3312C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationCHCP.COM"C:\Windows\system32\chcp.com" 65001C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F393-65EE-F2F8-0B0000000000}0xbf8f20HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{C36AC009-F394-65EE-6101-000000005303}3320C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==AR-WIN\Administrator 154100x80000000000000001122Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:40.280{C36AC009-F394-65EE-6101-000000005303}3320C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F393-65EE-F2F8-0B0000000000}0xbf8f20HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F394-65EE-6001-000000005303}808C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AAR-WIN\Administrator 154100x80000000000000001120Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:40.168{C36AC009-F394-65EE-6001-000000005303}808C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F393-65EE-F2F8-0B0000000000}0xbf8f20HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F394-65EE-5F01-000000005303}748C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AAR-WIN\Administrator 154100x80000000000000001119Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:40.162{C36AC009-F394-65EE-5F01-000000005303}748C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F393-65EE-F2F8-0B0000000000}0xbf8f20HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F393-65EE-5D01-000000005303}3352C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingAR-WIN\Administrator 154100x80000000000000001118Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:39.941{C36AC009-F393-65EE-5D01-000000005303}3352C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\AR-WIN\Administrator{C36AC009-F393-65EE-F2F8-0B0000000000}0xbf8f20HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F340-65EE-0C00-000000005303}732C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x80000000000000001003Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:24.884{C36AC009-F384-65EE-5801-000000005303}3744C:\Windows\Temp\BEACDBCD-DA84-4E9D-820B-95CD79A1C4AF\DismHost.exe10.0.14393.4169 (rs1_release.210107-1130)Dism Host Servicing ProcessMicrosoft® Windows® Operating SystemMicrosoft CorporationDismHost.exeC:\Windows\TEMP\BEACDBCD-DA84-4E9D-820B-95CD79A1C4AF\dismhost.exe {E9AD5971-774D-457C-8D09-B8A09EA47723}C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=A59C22B77871CC18970038B7FA43826F,SHA256=CB84B51713BAD689ABB96560E57A71B276D4B28B1C09C7116EE85F5782A1B144,IMPHASH=734010D3430DBD2CA51B599924FE1424{C36AC009-F365-65EE-3601-000000005303}3668C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\system32\wbem\wmiprvse.exe -EmbeddingNT AUTHORITY\SYSTEM 154100x8000000000000000878Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:22.528{C36AC009-F382-65EE-5701-000000005303}4032C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationCHCP.COM"C:\Windows\system32\chcp.com" 65001C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F382-65EE-C735-090000000000}0x935c70HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{C36AC009-F382-65EE-5601-000000005303}1216C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==AR-WIN\Administrator 154100x8000000000000000876Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:22.413{C36AC009-F382-65EE-5601-000000005303}1216C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F382-65EE-C735-090000000000}0x935c70HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F382-65EE-5501-000000005303}1156C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AAR-WIN\Administrator 154100x8000000000000000874Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:22.301{C36AC009-F382-65EE-5501-000000005303}1156C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F382-65EE-C735-090000000000}0x935c70HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F382-65EE-5401-000000005303}1064C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AAR-WIN\Administrator 154100x8000000000000000873Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:22.296{C36AC009-F382-65EE-5401-000000005303}1064C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F382-65EE-C735-090000000000}0x935c70HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F382-65EE-5201-000000005303}980C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingAR-WIN\Administrator 154100x8000000000000000872Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:22.080{C36AC009-F382-65EE-5201-000000005303}980C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\AR-WIN\Administrator{C36AC009-F382-65EE-C735-090000000000}0x935c70HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F340-65EE-0C00-000000005303}732C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x8000000000000000869Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:18.156{C36AC009-F37E-65EE-5101-000000005303}3384C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RESF973.tmp" "c:\Users\Administrator\AppData\Local\Temp\CSC882CC2854BD04FC6B08763B93347635.TMP"C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F37C-65EE-11F1-080000000000}0x8f1110HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{C36AC009-F37E-65EE-5001-000000005303}3388C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\mkq4eo3e.cmdline"AR-WIN\Administrator 154100x8000000000000000868Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:18.000{C36AC009-F37E-65EE-5001-000000005303}3388C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\mkq4eo3e.cmdline"C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F37C-65EE-11F1-080000000000}0x8f1110HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{C36AC009-F37C-65EE-4A01-000000005303}3136C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==AR-WIN\Administrator 154100x8000000000000000865Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:17.924{C36AC009-F37D-65EE-4F01-000000005303}4032C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exeC:\Windows\system32\reg.exe query hklm\software\microsoft\windows\softwareinventorylogging /v collectionstate /reg:64C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{C36AC009-F37D-65EE-4E01-000000005303}2696C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\system32\reg.exe query hklm\software\microsoft\windows\softwareinventorylogging /v collectionstate /reg:64NT AUTHORITY\SYSTEM 154100x8000000000000000864Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:17.919{C36AC009-F37D-65EE-4E01-000000005303}2696C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c C:\Windows\system32\reg.exe query hklm\software\microsoft\windows\softwareinventorylogging /v collectionstate /reg:64C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F37D-65EE-4C01-000000005303}3728C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /d /c C:\Windows\system32\silcollector.cmd configureNT AUTHORITY\SYSTEM 154100x8000000000000000863Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:17.088{C36AC009-F37D-65EE-4B01-000000005303}4000C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationCHCP.COM"C:\Windows\system32\chcp.com" 65001C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F37C-65EE-11F1-080000000000}0x8f1110HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{C36AC009-F37C-65EE-4A01-000000005303}3136C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==AR-WIN\Administrator 154100x8000000000000000861Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:16.972{C36AC009-F37C-65EE-4A01-000000005303}3136C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F37C-65EE-11F1-080000000000}0x8f1110HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F37C-65EE-4901-000000005303}3396C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AAR-WIN\Administrator 154100x8000000000000000859Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:16.857{C36AC009-F37C-65EE-4901-000000005303}3396C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F37C-65EE-11F1-080000000000}0x8f1110HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F37C-65EE-4801-000000005303}3536C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AAR-WIN\Administrator 154100x8000000000000000858Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:16.852{C36AC009-F37C-65EE-4801-000000005303}3536C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F37C-65EE-11F1-080000000000}0x8f1110HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F37C-65EE-4601-000000005303}3620C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingAR-WIN\Administrator 154100x8000000000000000857Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:16.632{C36AC009-F37C-65EE-4601-000000005303}3620C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\AR-WIN\Administrator{C36AC009-F37C-65EE-11F1-080000000000}0x8f1110HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F340-65EE-0C00-000000005303}732C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x8000000000000000856Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:12.839{C36AC009-F378-65EE-4401-000000005303}3284C:\Windows\System32\VSSVC.exe10.0.14393.4350 (rs1_release.210407-2154)Microsoft® Volume Shadow Copy ServiceMicrosoft® Windows® Operating SystemMicrosoft CorporationVSSVC.EXEC:\Windows\system32\vssvc.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=C417EA0DC7EF39347AB3AFC6D9CE0A3C,SHA256=198E5F8976CB3643D7D0709793CD49F8565AEEAC7871389255C7560F497F99CB,IMPHASH=B933B302F069B1ED43D97EAA68CD7B05{C36AC009-F340-65EE-0A00-000000005303}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x8000000000000000854Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:11.689{C36AC009-F377-65EE-4301-000000005303}2736C:\Windows\System32\dns.exe10.0.14393.6707 (rs1_release.240122-1731)Domain Name System (DNS) ServerMicrosoft® Windows® Operating SystemMicrosoft Corporationdns.exeC:\Windows\system32\dns.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=5A62388E82778070BC48124E42D7D68E,SHA256=C2C3E4BFD3855A2FFA371DA710933D0AF01EA197BEA782FEF03A0900C9375755,IMPHASH=695C20DB111F86E11C4A5064BB32A378{C36AC009-F340-65EE-0A00-000000005303}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x8000000000000000825Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:05:01.566{C36AC009-F36D-65EE-4201-000000005303}2832C:\Windows\Temp\6D0765C5-B2DF-45BB-A31A-44A9CBCEDC77\DismHost.exe10.0.14393.4169 (rs1_release.210107-1130)Dism Host Servicing ProcessMicrosoft® Windows® Operating SystemMicrosoft CorporationDismHost.exeC:\Windows\TEMP\6D0765C5-B2DF-45BB-A31A-44A9CBCEDC77\dismhost.exe {0402BA5A-139D-48E3-AAB7-C61EC38354FA}C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=A59C22B77871CC18970038B7FA43826F,SHA256=CB84B51713BAD689ABB96560E57A71B276D4B28B1C09C7116EE85F5782A1B144,IMPHASH=734010D3430DBD2CA51B599924FE1424{C36AC009-F365-65EE-3601-000000005303}3668C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\system32\wbem\wmiprvse.exe -EmbeddingNT AUTHORITY\SYSTEM 154100x8000000000000000704Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:58.237{C36AC009-F36A-65EE-4101-000000005303}4052C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe9.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=45D4E4A0BA891408C48EBD3363156C50,SHA256=F8EA3DCFF507F073270226A1910A4C492D85EBE1B07987560006BECBDDF1CEED,IMPHASH=B683C91350808D5BCFE1D283896855C3{C36AC009-F35D-65EE-FA00-000000005303}2524C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000703Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:57.486{C36AC009-F369-65EE-3F01-000000005303}3108C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe9.0.2Monitor windows event logssplunk ApplicationSplunk Inc.splunk-winevtlog.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=7F189A17E6E9A98AD68E84A2DD83E3A3,SHA256=8890D28B2F9FA801221F7F7115BC5E3C4980D80AC663C77CD1DD9A8D4BFF956A,IMPHASH=3831812AC0DE4E18D9D31DB74D2E66B6{C36AC009-F35D-65EE-FA00-000000005303}2524C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000702Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:56.736{C36AC009-F368-65EE-3E01-000000005303}3280C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F35D-65EE-FA00-000000005303}2524C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000701Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:55.986{C36AC009-F367-65EE-3D01-000000005303}3156C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F35D-65EE-FA00-000000005303}2524C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000699Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:55.064{C36AC009-F367-65EE-3C01-000000005303}3852C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F35D-65EE-FA00-000000005303}2524C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000698Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:54.313{C36AC009-F366-65EE-3B01-000000005303}708C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe9.0.2Performance monitorsplunk ApplicationSplunk Inc.splunk-perfmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=C38E19AC849A4438115953E4D871B559,SHA256=C4C02165DCAA1B390CC05005A264FBC7B784393D819C0763B7C3BDC703DEE3F6,IMPHASH=55412D7362B6C3264A9D829D025AD564{C36AC009-F35D-65EE-FA00-000000005303}2524C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000697Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:53.852{C36AC009-F365-65EE-3A01-000000005303}2752C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.6700_none_7edb674a220f1eb8\TiWorker.exe10.0.14393.6700 (rs1_release.240108-1824)Windows Modules Installer WorkerMicrosoft® Windows® Operating SystemMicrosoft CorporationTiWorker.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.6700_none_7edb674a220f1eb8\TiWorker.exe -EmbeddingC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=46F4D66DA6DB12EC26A1CE860BD83208,SHA256=5E77061356B88BB2D661D66CB343A36ABF00D4E50F4A78DC6943046486B630ED,IMPHASH=38FF53C1CCC1EE4C508C0F83A88C4E19{C36AC009-F340-65EE-0C00-000000005303}732C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x8000000000000000696Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:53.816{C36AC009-F365-65EE-3901-000000005303}2704C:\Windows\servicing\TrustedInstaller.exe10.0.14393.3564 (rs1_release.200303-1942)Windows Modules InstallerMicrosoft® Windows® Operating SystemMicrosoft CorporationTrustedInstaller.exeC:\Windows\servicing\TrustedInstaller.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=187076E4BC7B2F5FB7D54D1234B3CDEA,SHA256=7AE4CC64E2F0E5C58ABB6542233DA78B9AEAAD22C9D853AB96265EF3FBFEFABE,IMPHASH=648F735E453FC6802BFAECAC5ACA72A4{C36AC009-F340-65EE-0A00-000000005303}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x8000000000000000695Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:53.622{C36AC009-F365-65EE-3801-000000005303}428C:\Windows\Temp\7EE792BA-077D-4A28-9ABA-E25E00726D20\DismHost.exe10.0.14393.4169 (rs1_release.210107-1130)Dism Host Servicing ProcessMicrosoft® Windows® Operating SystemMicrosoft CorporationDismHost.exeC:\Windows\TEMP\7EE792BA-077D-4A28-9ABA-E25E00726D20\dismhost.exe {973EC7ED-CBB2-482E-B281-332A2DC89FEA}C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=A59C22B77871CC18970038B7FA43826F,SHA256=CB84B51713BAD689ABB96560E57A71B276D4B28B1C09C7116EE85F5782A1B144,IMPHASH=734010D3430DBD2CA51B599924FE1424{C36AC009-F365-65EE-3601-000000005303}3668C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\system32\wbem\wmiprvse.exe -EmbeddingNT AUTHORITY\SYSTEM 154100x8000000000000000658Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:53.563{C36AC009-F365-65EE-3701-000000005303}3100C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F35D-65EE-FA00-000000005303}2524C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000573Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:52.812{C36AC009-F364-65EE-3501-000000005303}2536C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe9.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=D4A01A34CB462A5ADD183B781180FE24,SHA256=CE12A30F916D7CCD57C024B6991DC4D5A80596B187E06FD3E34E0405D19D1714,IMPHASH=0B3917FB5306BF16B3F2D78E6FD4AC61{C36AC009-F35D-65EE-FA00-000000005303}2524C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000572Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:52.517{C36AC009-F364-65EE-3401-000000005303}3396C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationCHCP.COM"C:\Windows\system32\chcp.com" 65001C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F364-65EE-7136-050000000000}0x536710HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{C36AC009-F364-65EE-3301-000000005303}3912C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==AR-WIN\Administrator 154100x8000000000000000570Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:52.401{C36AC009-F364-65EE-3301-000000005303}3912C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F364-65EE-7136-050000000000}0x536710HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F364-65EE-3201-000000005303}3544C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AAR-WIN\Administrator 154100x8000000000000000568Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:52.289{C36AC009-F364-65EE-3201-000000005303}3544C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F364-65EE-7136-050000000000}0x536710HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F364-65EE-3101-000000005303}3744C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AAR-WIN\Administrator 154100x8000000000000000567Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:52.284{C36AC009-F364-65EE-3101-000000005303}3744C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F364-65EE-7136-050000000000}0x536710HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F364-65EE-2F01-000000005303}2492C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingAR-WIN\Administrator 154100x8000000000000000566Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:52.064{C36AC009-F364-65EE-2F01-000000005303}2492C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\AR-WIN\Administrator{C36AC009-F364-65EE-7136-050000000000}0x536710HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F340-65EE-0C00-000000005303}732C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x8000000000000000565Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:52.062{C36AC009-F364-65EE-2E01-000000005303}4012C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F35D-65EE-FA00-000000005303}2524C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000564Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:51.311{C36AC009-F363-65EE-2D01-000000005303}3212C:\Program Files\SplunkUniversalForwarder\bin\splunk-wmi.exe9.0.2Remote Performance monitor using WMIsplunk ApplicationSplunk Inc.splunk-wmi.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-wmi.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=EB621283B97C04335C867BE300509CDA,SHA256=84787BB13B2F2CA9C4B4475357249BFC24159D43023ADE984AA32E8CD06EABE6,IMPHASH=13FB2F4C20ED5B77A57401BC672A42F9{C36AC009-F35D-65EE-FA00-000000005303}2524C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000563Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:50.311{C36AC009-F362-65EE-2C01-000000005303}1644C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\powershell2.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F35D-65EE-FA00-000000005303}2524C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000562Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:50.202{C36AC009-F362-65EE-2B01-000000005303}2680C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\powershell.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F35D-65EE-FA00-000000005303}2524C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000561Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:50.092{C36AC009-F362-65EE-2A01-000000005303}2708C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\perfmon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F35D-65EE-FA00-000000005303}2524C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000560Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:49.983{C36AC009-F361-65EE-2901-000000005303}3792C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\admon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F35D-65EE-FA00-000000005303}2524C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000559Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:49.874{C36AC009-F361-65EE-2801-000000005303}2720C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinRegMon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F35D-65EE-FA00-000000005303}2524C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000558Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:49.765{C36AC009-F361-65EE-2701-000000005303}512C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinPrintMon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F35D-65EE-FA00-000000005303}2524C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000557Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:49.655{C36AC009-F361-65EE-2601-000000005303}3092C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinNetMon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F35D-65EE-FA00-000000005303}2524C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000556Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:49.546{C36AC009-F361-65EE-2501-000000005303}3924C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinHostMon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F35D-65EE-FA00-000000005303}2524C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000555Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:49.436{C36AC009-F361-65EE-2401-000000005303}3768C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinEventLog.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F35D-65EE-FA00-000000005303}2524C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000554Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:49.329{C36AC009-F361-65EE-2301-000000005303}3668C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\MonitorNoHandle.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F35D-65EE-FA00-000000005303}2524C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000553Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:49.112{C36AC009-F361-65EE-2201-000000005303}4004C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe9.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal check-xml-files --answer-yes --no-prompt C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=DEFF9B3BAE9BDD4AD4A37FCE51DF1159,SHA256=96AE7337E6E16DE9AB57AFDC32E4E5367A2DD3696F8CF7844B0736FCE2309FE1,IMPHASH=84048A205A55F829D4D40558E477EAB7{C36AC009-F361-65EE-2101-000000005303}3224C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal check-xml-files --answer-yes --no-prompt 2>&1NT AUTHORITY\SYSTEM 154100x8000000000000000552Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:49.108{C36AC009-F361-65EE-2101-000000005303}3224C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal check-xml-files --answer-yes --no-prompt 2>&1C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F35D-65EE-FA00-000000005303}2524C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000551Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:48.897{C36AC009-F360-65EE-2001-000000005303}3348C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F360-65EE-1F01-000000005303}3396C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list general --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000550Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:48.892{C36AC009-F360-65EE-1F01-000000005303}3396C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F360-65EE-1E01-000000005303}3352C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list general --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000549Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:48.888{C36AC009-F360-65EE-1E01-000000005303}3352C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F35F-65EE-1101-000000005303}3944C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x8000000000000000548Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:48.683{C36AC009-F360-65EE-1D01-000000005303}3188C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list replication_port --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F360-65EE-1C01-000000005303}3740C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list replication_port --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000547Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:48.679{C36AC009-F360-65EE-1C01-000000005303}3740C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list replication_port --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F360-65EE-1B01-000000005303}3356C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list replication_port --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000546Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:48.675{C36AC009-F360-65EE-1B01-000000005303}3356C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list replication_port --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F35F-65EE-1101-000000005303}3944C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x8000000000000000545Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:48.430{C36AC009-F360-65EE-1A01-000000005303}3912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd" check-transforms-keysC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F35F-65EE-1101-000000005303}3944C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x8000000000000000544Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:48.168{C36AC009-F360-65EE-1901-000000005303}4032C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool validate-regex --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F360-65EE-1801-000000005303}3388C:\Program Files\SplunkUniversalForwarder\bin\btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-regex --log-warningsNT AUTHORITY\SYSTEM 154100x8000000000000000543Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:48.164{C36AC009-F360-65EE-1801-000000005303}3388C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-regex --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F35F-65EE-1101-000000005303}3944C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x8000000000000000542Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:47.944{C36AC009-F35F-65EE-1701-000000005303}3304C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool validate-strptime --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F35F-65EE-1601-000000005303}3152C:\Program Files\SplunkUniversalForwarder\bin\btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-strptime --log-warningsNT AUTHORITY\SYSTEM 154100x8000000000000000541Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:47.940{C36AC009-F35F-65EE-1601-000000005303}3152C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-strptime --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F35F-65EE-1101-000000005303}3944C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x8000000000000000540Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:47.676{C36AC009-F35F-65EE-1501-000000005303}4028C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool check --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F35F-65EE-1401-000000005303}3776C:\Program Files\SplunkUniversalForwarder\bin\btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" check --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000539Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:47.671{C36AC009-F35F-65EE-1401-000000005303}3776C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" check --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F35F-65EE-1101-000000005303}3944C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x8000000000000000538Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:47.443{C36AC009-F35F-65EE-1301-000000005303}4012C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" check-licenseC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F35F-65EE-1101-000000005303}3944C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x8000000000000000537Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:47.240{C36AC009-F35F-65EE-1201-000000005303}3212C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" generate-sslC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F35F-65EE-1101-000000005303}3944C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x8000000000000000536Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:47.233{C36AC009-F35F-65EE-1101-000000005303}3944C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe9.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=DEFF9B3BAE9BDD4AD4A37FCE51DF1159,SHA256=96AE7337E6E16DE9AB57AFDC32E4E5367A2DD3696F8CF7844B0736FCE2309FE1,IMPHASH=84048A205A55F829D4D40558E477EAB7{C36AC009-F35F-65EE-1001-000000005303}3240C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 2>&1NT AUTHORITY\SYSTEM 154100x8000000000000000535Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:47.229{C36AC009-F35F-65EE-1001-000000005303}3240C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 2>&1C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F35D-65EE-FA00-000000005303}2524C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000534Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:47.002{C36AC009-F35F-65EE-0F01-000000005303}3248C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list sslConfig --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F35E-65EE-0E01-000000005303}3932C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list sslConfig --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000533Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:46.998{C36AC009-F35E-65EE-0E01-000000005303}3932C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list sslConfig --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F35E-65EE-0D01-000000005303}2768C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list sslConfig --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000532Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:46.994{C36AC009-F35E-65EE-0D01-000000005303}2768C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list sslConfig --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F35E-65EE-0001-000000005303}3976C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsNT AUTHORITY\SYSTEM 154100x8000000000000000531Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:46.786{C36AC009-F35E-65EE-0C01-000000005303}8C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list watchdog --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F35E-65EE-0B01-000000005303}3024C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list watchdog --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000530Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:46.781{C36AC009-F35E-65EE-0B01-000000005303}3024C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list watchdog --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F35E-65EE-0A01-000000005303}2744C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list watchdog --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000529Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:46.777{C36AC009-F35E-65EE-0A01-000000005303}2744C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list watchdog --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F35E-65EE-0001-000000005303}3976C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsNT AUTHORITY\SYSTEM 154100x8000000000000000528Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:46.570{C36AC009-F35E-65EE-0901-000000005303}1868C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F35E-65EE-0801-000000005303}2792C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list kvstore --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000527Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:46.566{C36AC009-F35E-65EE-0801-000000005303}2792C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F35E-65EE-0701-000000005303}2964C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list kvstore --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000526Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:46.562{C36AC009-F35E-65EE-0701-000000005303}2964C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F35E-65EE-0001-000000005303}3976C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsNT AUTHORITY\SYSTEM 154100x8000000000000000525Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:46.353{C36AC009-F35E-65EE-0601-000000005303}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F35E-65EE-0501-000000005303}2988C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list general --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000524Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:46.349{C36AC009-F35E-65EE-0501-000000005303}2988C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F35E-65EE-0401-000000005303}2960C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list general --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000523Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:46.345{C36AC009-F35E-65EE-0401-000000005303}2960C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F35E-65EE-0001-000000005303}3976C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsNT AUTHORITY\SYSTEM 154100x8000000000000000522Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:46.130{C36AC009-F35E-65EE-0301-000000005303}3060C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool web list settings --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F35E-65EE-0201-000000005303}2704C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool web list settings --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000521Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:46.126{C36AC009-F35E-65EE-0201-000000005303}2704C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool web list settings --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F35E-65EE-0101-000000005303}2708C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool web list settings --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000520Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:46.123{C36AC009-F35E-65EE-0101-000000005303}2708C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool web list settings --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F35E-65EE-0001-000000005303}3976C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsNT AUTHORITY\SYSTEM 154100x8000000000000000519Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:46.115{C36AC009-F35E-65EE-0001-000000005303}3976C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe9.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=DEFF9B3BAE9BDD4AD4A37FCE51DF1159,SHA256=96AE7337E6E16DE9AB57AFDC32E4E5367A2DD3696F8CF7844B0736FCE2309FE1,IMPHASH=84048A205A55F829D4D40558E477EAB7{C36AC009-F35E-65EE-FF00-000000005303}3856C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsNT AUTHORITY\SYSTEM 154100x8000000000000000518Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:46.112{C36AC009-F35E-65EE-FF00-000000005303}3856C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F35D-65EE-FA00-000000005303}2524C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000517Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:46.091{C36AC009-F35E-65EE-FD00-000000005303}3180C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe9.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _RAW_envvarsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=DEFF9B3BAE9BDD4AD4A37FCE51DF1159,SHA256=96AE7337E6E16DE9AB57AFDC32E4E5367A2DD3696F8CF7844B0736FCE2309FE1,IMPHASH=84048A205A55F829D4D40558E477EAB7{C36AC009-F35E-65EE-FB00-000000005303}3924C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _RAW_envvarsNT AUTHORITY\SYSTEM 154100x8000000000000000516Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:46.077{C36AC009-F35E-65EE-FB00-000000005303}3924C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _RAW_envvarsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F35D-65EE-FA00-000000005303}2524C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000515Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:45.896{C36AC009-F35D-65EE-FA00-000000005303}2524C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F340-65EE-0A00-000000005303}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x8000000000000000514Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:45.691{C36AC009-F35D-65EE-F900-000000005303}3980C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list general --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F35D-65EE-F800-000000005303}3880C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list general --no-logAR-WIN\Administrator 154100x8000000000000000513Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:45.687{C36AC009-F35D-65EE-F800-000000005303}3880C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list general --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F35D-65EE-F700-000000005303}3668C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list general --no-logAR-WIN\Administrator 154100x8000000000000000512Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:45.683{C36AC009-F35D-65EE-F700-000000005303}3668C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list general --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F357-65EE-D200-000000005303}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" restartAR-WIN\Administrator 154100x8000000000000000511Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:45.478{C36AC009-F35D-65EE-F600-000000005303}3400C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list replication_port --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F35D-65EE-F500-000000005303}3404C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list replication_port --no-logAR-WIN\Administrator 154100x8000000000000000510Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:45.474{C36AC009-F35D-65EE-F500-000000005303}3404C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list replication_port --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F35D-65EE-F400-000000005303}3140C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list replication_port --no-logAR-WIN\Administrator 154100x8000000000000000509Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:45.470{C36AC009-F35D-65EE-F400-000000005303}3140C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list replication_port --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F357-65EE-D200-000000005303}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" restartAR-WIN\Administrator 154100x8000000000000000508Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:45.212{C36AC009-F35D-65EE-F300-000000005303}3500C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd" check-transforms-keysC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F357-65EE-D200-000000005303}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" restartAR-WIN\Administrator 154100x8000000000000000507Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:44.945{C36AC009-F35C-65EE-F200-000000005303}3328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool validate-regex --log-warningsC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F35C-65EE-F100-000000005303}3572C:\Program Files\SplunkUniversalForwarder\bin\btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-regex --log-warningsAR-WIN\Administrator 154100x8000000000000000506Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:44.941{C36AC009-F35C-65EE-F100-000000005303}3572C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-regex --log-warningsC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F357-65EE-D200-000000005303}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" restartAR-WIN\Administrator 154100x8000000000000000505Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:44.722{C36AC009-F35C-65EE-F000-000000005303}3848C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool validate-strptime --log-warningsC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F35C-65EE-EF00-000000005303}3920C:\Program Files\SplunkUniversalForwarder\bin\btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-strptime --log-warningsAR-WIN\Administrator 154100x8000000000000000504Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:44.717{C36AC009-F35C-65EE-EF00-000000005303}3920C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-strptime --log-warningsC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F357-65EE-D200-000000005303}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" restartAR-WIN\Administrator 154100x8000000000000000503Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:44.447{C36AC009-F35C-65EE-EE00-000000005303}3392C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool check --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F35C-65EE-ED00-000000005303}3752C:\Program Files\SplunkUniversalForwarder\bin\btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" check --no-logAR-WIN\Administrator 154100x8000000000000000502Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:44.443{C36AC009-F35C-65EE-ED00-000000005303}3752C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" check --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F357-65EE-D200-000000005303}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" restartAR-WIN\Administrator 154100x8000000000000000500Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:44.225{C36AC009-F35C-65EE-EC00-000000005303}1632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" check-licenseC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F357-65EE-D200-000000005303}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" restartAR-WIN\Administrator 154100x8000000000000000499Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:44.015{C36AC009-F35C-65EE-EB00-000000005303}4008C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" generate-sslC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F357-65EE-D200-000000005303}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" restartAR-WIN\Administrator 154100x8000000000000000498Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:43.810{C36AC009-F35B-65EE-EA00-000000005303}3540C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list httpServerListener: --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F35B-65EE-E900-000000005303}3692C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list httpServerListener: --no-logAR-WIN\Administrator 154100x8000000000000000497Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:43.805{C36AC009-F35B-65EE-E900-000000005303}3692C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list httpServerListener: --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F35B-65EE-E800-000000005303}4028C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list httpServerListener: --no-logAR-WIN\Administrator 154100x8000000000000000496Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:43.801{C36AC009-F35B-65EE-E800-000000005303}4028C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list httpServerListener: --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F357-65EE-D200-000000005303}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" restartAR-WIN\Administrator 154100x8000000000000000495Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:43.600{C36AC009-F35B-65EE-E700-000000005303}3636C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list general --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F35B-65EE-E600-000000005303}3228C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list general --no-logAR-WIN\Administrator 154100x8000000000000000494Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:43.596{C36AC009-F35B-65EE-E600-000000005303}3228C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list general --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F35B-65EE-E500-000000005303}3216C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list general --no-logAR-WIN\Administrator 154100x8000000000000000493Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:43.592{C36AC009-F35B-65EE-E500-000000005303}3216C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list general --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F357-65EE-D200-000000005303}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" restartAR-WIN\Administrator 154100x8000000000000000492Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:43.382{C36AC009-F35B-65EE-E400-000000005303}3240C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list httpServer --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F35B-65EE-E300-000000005303}3804C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list httpServer --no-logAR-WIN\Administrator 154100x8000000000000000491Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:43.378{C36AC009-F35B-65EE-E300-000000005303}3804C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list httpServer --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F35B-65EE-E200-000000005303}3844C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list httpServer --no-logAR-WIN\Administrator 154100x8000000000000000490Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:43.373{C36AC009-F35B-65EE-E200-000000005303}3844C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list httpServer --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F357-65EE-D200-000000005303}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" restartAR-WIN\Administrator 154100x8000000000000000489Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:40.100{C36AC009-F358-65EE-E100-000000005303}3224C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list sslConfig --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F358-65EE-E000-000000005303}3596C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list sslConfig --no-logAR-WIN\Administrator 154100x8000000000000000488Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:40.096{C36AC009-F358-65EE-E000-000000005303}3596C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list sslConfig --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F358-65EE-DF00-000000005303}2524C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list sslConfig --no-logAR-WIN\Administrator 154100x8000000000000000487Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:40.092{C36AC009-F358-65EE-DF00-000000005303}2524C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list sslConfig --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F357-65EE-D200-000000005303}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" restartAR-WIN\Administrator 154100x8000000000000000486Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:39.862{C36AC009-F357-65EE-DE00-000000005303}3536C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list watchdog --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F357-65EE-DD00-000000005303}3396C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list watchdog --no-logAR-WIN\Administrator 154100x8000000000000000485Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:39.858{C36AC009-F357-65EE-DD00-000000005303}3396C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list watchdog --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F357-65EE-DC00-000000005303}3668C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list watchdog --no-logAR-WIN\Administrator 154100x8000000000000000484Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:39.854{C36AC009-F357-65EE-DC00-000000005303}3668C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list watchdog --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F357-65EE-D200-000000005303}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" restartAR-WIN\Administrator 154100x8000000000000000483Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:39.634{C36AC009-F357-65EE-DB00-000000005303}3324C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list kvstore --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F357-65EE-DA00-000000005303}3264C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list kvstore --no-logAR-WIN\Administrator 154100x8000000000000000482Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:39.629{C36AC009-F357-65EE-DA00-000000005303}3264C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list kvstore --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F357-65EE-D900-000000005303}3996C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list kvstore --no-logAR-WIN\Administrator 154100x8000000000000000481Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:39.625{C36AC009-F357-65EE-D900-000000005303}3996C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list kvstore --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F357-65EE-D200-000000005303}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" restartAR-WIN\Administrator 154100x8000000000000000480Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:39.403{C36AC009-F357-65EE-D800-000000005303}4032C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list general --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F357-65EE-D700-000000005303}3504C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list general --no-logAR-WIN\Administrator 154100x8000000000000000479Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:39.398{C36AC009-F357-65EE-D700-000000005303}3504C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list general --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F357-65EE-D600-000000005303}3572C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list general --no-logAR-WIN\Administrator 154100x8000000000000000478Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:39.394{C36AC009-F357-65EE-D600-000000005303}3572C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list general --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F357-65EE-D200-000000005303}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" restartAR-WIN\Administrator 154100x8000000000000000477Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:39.170{C36AC009-F357-65EE-D500-000000005303}2540C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool web list settings --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F357-65EE-D400-000000005303}3376C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool web list settings --no-logAR-WIN\Administrator 154100x8000000000000000476Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:39.166{C36AC009-F357-65EE-D400-000000005303}3376C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool web list settings --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F357-65EE-D300-000000005303}3744C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool web list settings --no-logAR-WIN\Administrator 154100x8000000000000000475Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:39.162{C36AC009-F357-65EE-D300-000000005303}3744C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool web list settings --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F357-65EE-D200-000000005303}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" restartAR-WIN\Administrator 154100x8000000000000000474Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:39.152{C36AC009-F357-65EE-D200-000000005303}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe9.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" restartC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=DEFF9B3BAE9BDD4AD4A37FCE51DF1159,SHA256=96AE7337E6E16DE9AB57AFDC32E4E5367A2DD3696F8CF7844B0736FCE2309FE1,IMPHASH=84048A205A55F829D4D40558E477EAB7{C36AC009-F356-65EE-CE00-000000005303}3756C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==AR-WIN\Administrator 154100x8000000000000000472Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:38.956{C36AC009-F356-65EE-D100-000000005303}3960C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RES6050.tmp" "c:\Users\Administrator\AppData\Local\Temp\CSCBCEA007F993A440384F3EECCEC75F553.TMP"C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{C36AC009-F356-65EE-D000-000000005303}3992C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\xo4u0tlp.cmdline"AR-WIN\Administrator 154100x8000000000000000471Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:38.877{C36AC009-F356-65EE-D000-000000005303}3992C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\xo4u0tlp.cmdline"C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{C36AC009-F356-65EE-CE00-000000005303}3756C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==AR-WIN\Administrator 154100x8000000000000000468Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:38.125{C36AC009-F356-65EE-CF00-000000005303}3820C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationCHCP.COM"C:\Windows\system32\chcp.com" 65001C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{C36AC009-F356-65EE-CE00-000000005303}3756C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==AR-WIN\Administrator 154100x8000000000000000466Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:38.010{C36AC009-F356-65EE-CE00-000000005303}3756C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F355-65EE-CD00-000000005303}3684C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AAR-WIN\Administrator 154100x8000000000000000464Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:37.898{C36AC009-F355-65EE-CD00-000000005303}3684C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F355-65EE-CC00-000000005303}3620C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AAR-WIN\Administrator 154100x8000000000000000463Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:37.894{C36AC009-F355-65EE-CC00-000000005303}3620C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F355-65EE-CA00-000000005303}3260C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingAR-WIN\Administrator 154100x8000000000000000462Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:37.674{C36AC009-F355-65EE-CA00-000000005303}3260C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\AR-WIN\Administrator{C36AC009-F355-65EE-0858-040000000000}0x458080HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F340-65EE-0C00-000000005303}732C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x8000000000000000461Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:36.526{C36AC009-F354-65EE-C900-000000005303}1632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list httpServer --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F354-65EE-C800-000000005303}3544C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list httpServer --no-logAR-WIN\Administrator 154100x8000000000000000460Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:36.521{C36AC009-F354-65EE-C800-000000005303}3544C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list httpServer --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F354-65EE-C700-000000005303}3572C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list httpServer --no-logAR-WIN\Administrator 154100x8000000000000000459Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:36.517{C36AC009-F354-65EE-C700-000000005303}3572C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list httpServer --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F352-65EE-AF00-000000005303}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" set default-hostname ar-win -auth admin:iMVCG9fw8VxieH1j8ErAR-WIN\Administrator 154100x8000000000000000458Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:36.280{C36AC009-F354-65EE-C600-000000005303}3232C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list sslConfig --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F354-65EE-C500-000000005303}3972C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list sslConfig --no-logAR-WIN\Administrator 154100x8000000000000000457Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:36.275{C36AC009-F354-65EE-C500-000000005303}3972C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list sslConfig --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F354-65EE-C400-000000005303}3900C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list sslConfig --no-logAR-WIN\Administrator 154100x8000000000000000456Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:36.271{C36AC009-F354-65EE-C400-000000005303}3900C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list sslConfig --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F352-65EE-AF00-000000005303}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" set default-hostname ar-win -auth admin:iMVCG9fw8VxieH1j8ErAR-WIN\Administrator 154100x8000000000000000455Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:36.035{C36AC009-F354-65EE-C300-000000005303}3960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list sslConfig --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F354-65EE-C200-000000005303}3152C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list sslConfig --no-logAR-WIN\Administrator 154100x8000000000000000454Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:36.031{C36AC009-F354-65EE-C200-000000005303}3152C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list sslConfig --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F354-65EE-C100-000000005303}4016C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list sslConfig --no-logAR-WIN\Administrator 154100x8000000000000000453Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:36.027{C36AC009-F354-65EE-C100-000000005303}4016C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list sslConfig --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F352-65EE-AF00-000000005303}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" set default-hostname ar-win -auth admin:iMVCG9fw8VxieH1j8ErAR-WIN\Administrator 154100x8000000000000000452Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:35.746{C36AC009-F353-65EE-C000-000000005303}3776C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exesplunkd local-rest-uri -p 8089C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F353-65EE-BF00-000000005303}4028C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c splunkd local-rest-uri -p 8089AR-WIN\Administrator 154100x8000000000000000451Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:35.742{C36AC009-F353-65EE-BF00-000000005303}4028C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c splunkd local-rest-uri -p 8089C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F352-65EE-AF00-000000005303}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" set default-hostname ar-win -auth admin:iMVCG9fw8VxieH1j8ErAR-WIN\Administrator 154100x8000000000000000450Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:35.520{C36AC009-F353-65EE-BE00-000000005303}3148C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list sslConfig --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F353-65EE-BD00-000000005303}4060C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list sslConfig --no-logAR-WIN\Administrator 154100x8000000000000000449Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:35.516{C36AC009-F353-65EE-BD00-000000005303}4060C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list sslConfig --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F353-65EE-BC00-000000005303}4092C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list sslConfig --no-logAR-WIN\Administrator 154100x8000000000000000448Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:35.512{C36AC009-F353-65EE-BC00-000000005303}4092C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list sslConfig --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F352-65EE-AF00-000000005303}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" set default-hostname ar-win -auth admin:iMVCG9fw8VxieH1j8ErAR-WIN\Administrator 154100x8000000000000000447Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:35.288{C36AC009-F353-65EE-BB00-000000005303}3116C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list watchdog --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F353-65EE-BA00-000000005303}3200C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list watchdog --no-logAR-WIN\Administrator 154100x8000000000000000446Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:35.284{C36AC009-F353-65EE-BA00-000000005303}3200C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list watchdog --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F353-65EE-B900-000000005303}3280C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list watchdog --no-logAR-WIN\Administrator 154100x8000000000000000445Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:35.280{C36AC009-F353-65EE-B900-000000005303}3280C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list watchdog --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F352-65EE-AF00-000000005303}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" set default-hostname ar-win -auth admin:iMVCG9fw8VxieH1j8ErAR-WIN\Administrator 154100x8000000000000000444Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:35.063{C36AC009-F353-65EE-B800-000000005303}3580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list kvstore --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F353-65EE-B700-000000005303}3340C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list kvstore --no-logAR-WIN\Administrator 154100x8000000000000000443Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:35.059{C36AC009-F353-65EE-B700-000000005303}3340C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list kvstore --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F353-65EE-B600-000000005303}3192C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list kvstore --no-logAR-WIN\Administrator 154100x8000000000000000442Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:35.055{C36AC009-F353-65EE-B600-000000005303}3192C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list kvstore --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F352-65EE-AF00-000000005303}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" set default-hostname ar-win -auth admin:iMVCG9fw8VxieH1j8ErAR-WIN\Administrator 154100x8000000000000000441Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:34.835{C36AC009-F352-65EE-B500-000000005303}3684C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list general --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F352-65EE-B400-000000005303}3308C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list general --no-logAR-WIN\Administrator 154100x8000000000000000440Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:34.831{C36AC009-F352-65EE-B400-000000005303}3308C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list general --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F352-65EE-B300-000000005303}3648C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list general --no-logAR-WIN\Administrator 154100x8000000000000000439Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:34.827{C36AC009-F352-65EE-B300-000000005303}3648C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list general --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F352-65EE-AF00-000000005303}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" set default-hostname ar-win -auth admin:iMVCG9fw8VxieH1j8ErAR-WIN\Administrator 154100x8000000000000000438Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:34.602{C36AC009-F352-65EE-B200-000000005303}4040C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool web list settings --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F352-65EE-B100-000000005303}3292C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool web list settings --no-logAR-WIN\Administrator 154100x8000000000000000437Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:34.597{C36AC009-F352-65EE-B100-000000005303}3292C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool web list settings --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F352-65EE-B000-000000005303}3512C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool web list settings --no-logAR-WIN\Administrator 154100x8000000000000000436Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:34.593{C36AC009-F352-65EE-B000-000000005303}3512C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool web list settings --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F352-65EE-AF00-000000005303}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" set default-hostname ar-win -auth admin:iMVCG9fw8VxieH1j8ErAR-WIN\Administrator 154100x8000000000000000435Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:34.583{C36AC009-F352-65EE-AF00-000000005303}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe9.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" set default-hostname ar-win -auth admin:iMVCG9fw8VxieH1j8ErC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=DEFF9B3BAE9BDD4AD4A37FCE51DF1159,SHA256=96AE7337E6E16DE9AB57AFDC32E4E5367A2DD3696F8CF7844B0736FCE2309FE1,IMPHASH=84048A205A55F829D4D40558E477EAB7{C36AC009-F351-65EE-AB00-000000005303}3804C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==AR-WIN\Administrator 154100x8000000000000000433Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:34.388{C36AC009-F352-65EE-AE00-000000005303}3372C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RES4E7D.tmp" "c:\Users\Administrator\AppData\Local\Temp\CSC4C1789E3EC4A43979228F75D5E5CC2F.TMP"C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{C36AC009-F352-65EE-AD00-000000005303}2524C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\2wfk5vap.cmdline"AR-WIN\Administrator 154100x8000000000000000432Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:34.307{C36AC009-F352-65EE-AD00-000000005303}2524C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\2wfk5vap.cmdline"C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{C36AC009-F351-65EE-AB00-000000005303}3804C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==AR-WIN\Administrator 154100x8000000000000000429Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:33.585{C36AC009-F351-65EE-AC00-000000005303}3672C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationCHCP.COM"C:\Windows\system32\chcp.com" 65001C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{C36AC009-F351-65EE-AB00-000000005303}3804C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==AR-WIN\Administrator 154100x8000000000000000427Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:33.470{C36AC009-F351-65EE-AB00-000000005303}3804C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F351-65EE-AA00-000000005303}3680C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AAR-WIN\Administrator 154100x8000000000000000425Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:33.356{C36AC009-F351-65EE-AA00-000000005303}3680C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F351-65EE-A900-000000005303}3252C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AAR-WIN\Administrator 154100x8000000000000000424Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:33.352{C36AC009-F351-65EE-A900-000000005303}3252C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F351-65EE-A700-000000005303}3168C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingAR-WIN\Administrator 154100x8000000000000000423Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:33.130{C36AC009-F351-65EE-A700-000000005303}3168C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\AR-WIN\Administrator{C36AC009-F351-65EE-4308-040000000000}0x408430HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F340-65EE-0C00-000000005303}732C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x8000000000000000422Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:32.178{C36AC009-F350-65EE-A600-000000005303}3232C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe9.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=45D4E4A0BA891408C48EBD3363156C50,SHA256=F8EA3DCFF507F073270226A1910A4C492D85EBE1B07987560006BECBDDF1CEED,IMPHASH=B683C91350808D5BCFE1D283896855C3{C36AC009-F341-65EE-2100-000000005303}1696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000421Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:32.001{C36AC009-F350-65EE-A500-000000005303}3172C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list httpServer --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F34F-65EE-A400-000000005303}3504C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list httpServer --no-logAR-WIN\Administrator 154100x8000000000000000420Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:31.997{C36AC009-F34F-65EE-A400-000000005303}3504C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list httpServer --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F34F-65EE-A300-000000005303}3476C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list httpServer --no-logAR-WIN\Administrator 154100x8000000000000000419Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:31.993{C36AC009-F34F-65EE-A300-000000005303}3476C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list httpServer --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F34D-65EE-8600-000000005303}3424C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" edit user admin -password iMVCG9fw8VxieH1j8Er -auth admin:Pl3ase-k1Ll-me:pAR-WIN\Administrator 154100x8000000000000000418Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:31.757{C36AC009-F34F-65EE-A200-000000005303}3368C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list sslConfig --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F34F-65EE-A100-000000005303}3380C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list sslConfig --no-logAR-WIN\Administrator 154100x8000000000000000417Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:31.753{C36AC009-F34F-65EE-A100-000000005303}3380C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list sslConfig --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F34F-65EE-A000-000000005303}3400C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list sslConfig --no-logAR-WIN\Administrator 154100x8000000000000000416Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:31.749{C36AC009-F34F-65EE-A000-000000005303}3400C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list sslConfig --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F34D-65EE-8600-000000005303}3424C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" edit user admin -password iMVCG9fw8VxieH1j8Er -auth admin:Pl3ase-k1Ll-me:pAR-WIN\Administrator 154100x8000000000000000415Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:31.501{C36AC009-F34F-65EE-9F00-000000005303}3696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list sslConfig --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F34F-65EE-9E00-000000005303}3584C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list sslConfig --no-logAR-WIN\Administrator 154100x8000000000000000414Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:31.496{C36AC009-F34F-65EE-9E00-000000005303}3584C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list sslConfig --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F34F-65EE-9D00-000000005303}3752C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list sslConfig --no-logAR-WIN\Administrator 154100x8000000000000000413Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:31.492{C36AC009-F34F-65EE-9D00-000000005303}3752C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list sslConfig --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F34D-65EE-8600-000000005303}3424C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" edit user admin -password iMVCG9fw8VxieH1j8Er -auth admin:Pl3ase-k1Ll-me:pAR-WIN\Administrator 154100x8000000000000000412Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:31.241{C36AC009-F34F-65EE-9A00-000000005303}3876C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe9.0.2Monitor windows event logssplunk ApplicationSplunk Inc.splunk-winevtlog.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=7F189A17E6E9A98AD68E84A2DD83E3A3,SHA256=8890D28B2F9FA801221F7F7115BC5E3C4980D80AC663C77CD1DD9A8D4BFF956A,IMPHASH=3831812AC0DE4E18D9D31DB74D2E66B6{C36AC009-F341-65EE-2100-000000005303}1696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000411Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:31.247{C36AC009-F34F-65EE-9C00-000000005303}3916C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list sslConfig --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F34F-65EE-9B00-000000005303}3848C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list sslConfig --no-logAR-WIN\Administrator 154100x8000000000000000410Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:31.243{C36AC009-F34F-65EE-9B00-000000005303}3848C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list sslConfig --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F34F-65EE-9900-000000005303}4000C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list sslConfig --no-logAR-WIN\Administrator 154100x8000000000000000409Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:31.239{C36AC009-F34F-65EE-9900-000000005303}4000C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list sslConfig --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F34D-65EE-8600-000000005303}3424C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" edit user admin -password iMVCG9fw8VxieH1j8Er -auth admin:Pl3ase-k1Ll-me:pAR-WIN\Administrator 154100x8000000000000000408Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:30.972{C36AC009-F34E-65EE-9800-000000005303}3792C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exesplunkd local-rest-uri -p 8089C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F34E-65EE-9700-000000005303}3904C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c splunkd local-rest-uri -p 8089AR-WIN\Administrator 154100x8000000000000000407Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:30.968{C36AC009-F34E-65EE-9700-000000005303}3904C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c splunkd local-rest-uri -p 8089C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F34D-65EE-8600-000000005303}3424C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" edit user admin -password iMVCG9fw8VxieH1j8Er -auth admin:Pl3ase-k1Ll-me:pAR-WIN\Administrator 154100x8000000000000000406Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:30.751{C36AC009-F34E-65EE-9600-000000005303}3588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list sslConfig --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F34E-65EE-9500-000000005303}3180C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list sslConfig --no-logAR-WIN\Administrator 154100x8000000000000000405Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:30.747{C36AC009-F34E-65EE-9500-000000005303}3180C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list sslConfig --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F34E-65EE-9400-000000005303}3124C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list sslConfig --no-logAR-WIN\Administrator 154100x8000000000000000404Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:30.743{C36AC009-F34E-65EE-9400-000000005303}3124C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list sslConfig --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F34D-65EE-8600-000000005303}3424C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" edit user admin -password iMVCG9fw8VxieH1j8Er -auth admin:Pl3ase-k1Ll-me:pAR-WIN\Administrator 154100x8000000000000000403Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:30.351{C36AC009-F34E-65EE-9000-000000005303}3836C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F341-65EE-2100-000000005303}1696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000402Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:30.508{C36AC009-F34E-65EE-9300-000000005303}3252C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list watchdog --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F34E-65EE-9200-000000005303}3628C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list watchdog --no-logAR-WIN\Administrator 154100x8000000000000000401Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:30.504{C36AC009-F34E-65EE-9200-000000005303}3628C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list watchdog --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F34E-65EE-9100-000000005303}3844C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list watchdog --no-logAR-WIN\Administrator 154100x8000000000000000400Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:30.500{C36AC009-F34E-65EE-9100-000000005303}3844C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list watchdog --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F34D-65EE-8600-000000005303}3424C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" edit user admin -password iMVCG9fw8VxieH1j8Er -auth admin:Pl3ase-k1Ll-me:pAR-WIN\Administrator 154100x8000000000000000399Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:30.283{C36AC009-F34E-65EE-8F00-000000005303}3812C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list kvstore --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F34E-65EE-8E00-000000005303}3544C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list kvstore --no-logAR-WIN\Administrator 154100x8000000000000000398Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:30.279{C36AC009-F34E-65EE-8E00-000000005303}3544C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list kvstore --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F34E-65EE-8D00-000000005303}3636C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list kvstore --no-logAR-WIN\Administrator 154100x8000000000000000397Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:30.275{C36AC009-F34E-65EE-8D00-000000005303}3636C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list kvstore --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F34D-65EE-8600-000000005303}3424C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" edit user admin -password iMVCG9fw8VxieH1j8Er -auth admin:Pl3ase-k1Ll-me:pAR-WIN\Administrator 154100x8000000000000000396Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:30.056{C36AC009-F34E-65EE-8C00-000000005303}3604C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list general --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F34E-65EE-8B00-000000005303}3232C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list general --no-logAR-WIN\Administrator 154100x8000000000000000395Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:30.052{C36AC009-F34E-65EE-8B00-000000005303}3232C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list general --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F34E-65EE-8A00-000000005303}3756C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list general --no-logAR-WIN\Administrator 154100x8000000000000000394Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:30.048{C36AC009-F34E-65EE-8A00-000000005303}3756C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list general --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F34D-65EE-8600-000000005303}3424C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" edit user admin -password iMVCG9fw8VxieH1j8Er -auth admin:Pl3ase-k1Ll-me:pAR-WIN\Administrator 154100x8000000000000000393Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:29.817{C36AC009-F34D-65EE-8900-000000005303}3480C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool web list settings --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F34D-65EE-8800-000000005303}3504C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool web list settings --no-logAR-WIN\Administrator 154100x8000000000000000392Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:29.813{C36AC009-F34D-65EE-8800-000000005303}3504C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool web list settings --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F34D-65EE-8700-000000005303}3348C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool web list settings --no-logAR-WIN\Administrator 154100x8000000000000000391Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:29.809{C36AC009-F34D-65EE-8700-000000005303}3348C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool web list settings --no-logC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F34D-65EE-8600-000000005303}3424C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" edit user admin -password iMVCG9fw8VxieH1j8Er -auth admin:Pl3ase-k1Ll-me:pAR-WIN\Administrator 154100x8000000000000000390Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:29.799{C36AC009-F34D-65EE-8600-000000005303}3424C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe9.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" edit user admin -password iMVCG9fw8VxieH1j8Er -auth admin:Pl3ase-k1Ll-me:pC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=DEFF9B3BAE9BDD4AD4A37FCE51DF1159,SHA256=96AE7337E6E16DE9AB57AFDC32E4E5367A2DD3696F8CF7844B0736FCE2309FE1,IMPHASH=84048A205A55F829D4D40558E477EAB7{C36AC009-F34C-65EE-8000-000000005303}3152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==AR-WIN\Administrator 154100x8000000000000000389Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:29.595{C36AC009-F34D-65EE-8500-000000005303}3492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F341-65EE-2100-000000005303}1696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000387Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:29.537{C36AC009-F34D-65EE-8400-000000005303}3736C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RES3B82.tmp" "c:\Users\Administrator\AppData\Local\Temp\CSCC6C5718EA26B43A5A36A24A5474072.TMP"C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{C36AC009-F34D-65EE-8300-000000005303}3644C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\3gbrbuwi.cmdline"AR-WIN\Administrator 154100x8000000000000000386Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:29.273{C36AC009-F34D-65EE-8300-000000005303}3644C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\3gbrbuwi.cmdline"C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{C36AC009-F34C-65EE-8000-000000005303}3152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==AR-WIN\Administrator 154100x8000000000000000383Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:28.723{C36AC009-F34C-65EE-8200-000000005303}3584C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F341-65EE-2100-000000005303}1696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000382Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:28.375{C36AC009-F34C-65EE-8100-000000005303}3188C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationCHCP.COM"C:\Windows\system32\chcp.com" 65001C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{C36AC009-F34C-65EE-8000-000000005303}3152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==AR-WIN\Administrator 154100x8000000000000000380Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:28.256{C36AC009-F34C-65EE-8000-000000005303}3152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F34C-65EE-7F00-000000005303}4036C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AAR-WIN\Administrator 154100x8000000000000000378Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:28.145{C36AC009-F34C-65EE-7F00-000000005303}4036C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F34C-65EE-7E00-000000005303}4020C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AAR-WIN\Administrator 154100x8000000000000000377Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:28.140{C36AC009-F34C-65EE-7E00-000000005303}4020C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F34B-65EE-7C00-000000005303}3900C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingAR-WIN\Administrator 154100x8000000000000000375Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:27.799{C36AC009-F34B-65EE-7A00-000000005303}3872C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe9.0.2Performance monitorsplunk ApplicationSplunk Inc.splunk-perfmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=C38E19AC849A4438115953E4D871B559,SHA256=C4C02165DCAA1B390CC05005A264FBC7B784393D819C0763B7C3BDC703DEE3F6,IMPHASH=55412D7362B6C3264A9D829D025AD564{C36AC009-F341-65EE-2100-000000005303}1696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000374Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:27.921{C36AC009-F34B-65EE-7C00-000000005303}3900C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\AR-WIN\Administrator{C36AC009-F34B-65EE-D99A-030000000000}0x39ad90HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F340-65EE-0C00-000000005303}732C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x8000000000000000372Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:26.910{C36AC009-F34A-65EE-7800-000000005303}3600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F341-65EE-2100-000000005303}1696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000371Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:27.071{C36AC009-F34B-65EE-7900-000000005303}3628C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "Get-WinEvent -FilterHashtable @( @{ LogName='System'; ProviderName='Microsoft-Windows-Kernel-General'; Id=12; Level=4 }, @{ LogName='System'; ProviderName='Microsoft-Windows-WER-SystemErrorReporting'; Id=1001; Level=2 } ) | Sort-Object TimeCreated -Descending" "| Select-Object" "Id, Level, ProviderName, TimeCreated, Properties" "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F345-65EE-4500-000000005303}2812C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000368Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:26.785{C36AC009-F34A-65EE-7700-000000005303}3720C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBHAGUAdAAtAEkAdABlAG0AIAAtAEwAaQB0AGUAcgBhAGwAUABhAHQAaAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAVwBpAG4AbABvAGcAbwBuAFwAQQB1AHQAbwBMAG8AZwBvAG4AQwBoAGUAYwBrAGUAZAAnACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAHQAbwBwADsAIAAnAHMAdQBjAGMAZQBzAHMALQBiAGQANwBhAGQAOAAzADEALQAxAGMAZQBlAC0ANAA4ADcANgAtAGIAOQA4ADQALQA0ADMAZAA4ADAAOQA2ADgAMgA2ADEAZAAnAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34A-65EE-1F37-030000000000}0x3371f0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F34A-65EE-7400-000000005303}3232C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBpAEEARwBRAEEATgB3AEIAaABBAEcAUQBBAE8AQQBBAHoAQQBEAEUAQQBMAFEAQQB4AEEARwBNAEEAWgBRAEIAbABBAEMAMABBAE4AQQBBADQAQQBEAGMAQQBOAGcAQQB0AEEARwBJAEEATwBRAEEANABBAEQAUQBBAEwAUQBBADAAQQBEAE0AQQBaAEEAQQA0AEEARABBAEEATwBRAEEAMgBBAEQAZwBBAE0AZwBBADIAQQBEAEUAQQBaAEEAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AAR-WIN\Administrator 154100x8000000000000000367Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:26.773{C36AC009-F34A-65EE-7600-000000005303}3700C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "Get-CimInstance Win32_PnPEntity | Where-Object { $_.Service -eq 'xenvbd' }" "| Select-Object" DeviceID "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F345-65EE-4500-000000005303}2812C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000366Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:26.737{C36AC009-F34A-65EE-7500-000000005303}3688C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get OperatingSystemSKU /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F345-65EE-4500-000000005303}2812C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000364Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:26.669{C36AC009-F34A-65EE-7400-000000005303}3232C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBpAEEARwBRAEEATgB3AEIAaABBAEcAUQBBAE8AQQBBAHoAQQBEAEUAQQBMAFEAQQB4AEEARwBNAEEAWgBRAEIAbABBAEMAMABBAE4AQQBBADQAQQBEAGMAQQBOAGcAQQB0AEEARwBJAEEATwBRAEEANABBAEQAUQBBAEwAUQBBADAAQQBEAE0AQQBaAEEAQQA0AEEARABBAEEATwBRAEEAMgBBAEQAZwBBAE0AZwBBADIAQQBEAEUAQQBaAEEAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34A-65EE-1F37-030000000000}0x3371f0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F34A-65EE-7300-000000005303}3240C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBpAEEARwBRAEEATgB3AEIAaABBAEcAUQBBAE8AQQBBAHoAQQBEAEUAQQBMAFEAQQB4AEEARwBNAEEAWgBRAEIAbABBAEMAMABBAE4AQQBBADQAQQBEAGMAQQBOAGcAQQB0AEEARwBJAEEATwBRAEEANABBAEQAUQBBAEwAUQBBADAAQQBEAE0AQQBaAEEAQQA0AEEARABBAEEATwBRAEEAMgBBAEQAZwBBAE0AZwBBADIAQQBEAEUAQQBaAEEAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AAR-WIN\Administrator 154100x8000000000000000363Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:26.664{C36AC009-F34A-65EE-7300-000000005303}3240C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQgBpAEEARwBRAEEATgB3AEIAaABBAEcAUQBBAE8AQQBBAHoAQQBEAEUAQQBMAFEAQQB4AEEARwBNAEEAWgBRAEIAbABBAEMAMABBAE4AQQBBADQAQQBEAGMAQQBOAGcAQQB0AEEARwBJAEEATwBRAEEANABBAEQAUQBBAEwAUQBBADAAQQBEAE0AQQBaAEEAQQA0AEEARABBAEEATwBRAEEAMgBBAEQAZwBBAE0AZwBBADIAQQBEAEUAQQBaAEEAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F34A-65EE-1F37-030000000000}0x3371f0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F34A-65EE-7100-000000005303}3128C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingAR-WIN\Administrator 154100x8000000000000000362Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:26.446{C36AC009-F34A-65EE-7100-000000005303}3128C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\AR-WIN\Administrator{C36AC009-F34A-65EE-1F37-030000000000}0x3371f0HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F340-65EE-0C00-000000005303}732C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x8000000000000000360Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:26.394{C36AC009-F34A-65EE-7000-000000005303}4040C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "Get-ItemProperty -Path 'HKLM:\SOFTWARE\Amazon\AwsNitroEnclaves'" "| Select-Object" "Name, Version" "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F345-65EE-4500-000000005303}2812C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000358Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:26.174{C36AC009-F34A-65EE-6F00-000000005303}3936C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "Get-ItemProperty -Path 'HKLM:\SOFTWARE\Amazon\PVDriver'" "| Select-Object" "Name, Version" "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F345-65EE-4500-000000005303}2812C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000357Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:25.960{C36AC009-F349-65EE-6D00-000000005303}3864C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe9.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=D4A01A34CB462A5ADD183B781180FE24,SHA256=CE12A30F916D7CCD57C024B6991DC4D5A80596B187E06FD3E34E0405D19D1714,IMPHASH=0B3917FB5306BF16B3F2D78E6FD4AC61{C36AC009-F341-65EE-2100-000000005303}1696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000356Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:26.138{C36AC009-F34A-65EE-6E00-000000005303}3892C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get OperatingSystemSKU /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F345-65EE-4500-000000005303}2812C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000354Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:25.871{C36AC009-F349-65EE-6C00-000000005303}3764C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "Get-CimInstance Win32_OperatingSystem" "| Select-Object" "Version, OperatingSystemSKU" "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F345-65EE-4500-000000005303}2812C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000352Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:25.405{C36AC009-F349-65EE-6B00-000000005303}3640C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAoAEcAZQB0AC0AQwBpAG0ASQBuAHMAdABhAG4AYwBlACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACAALQBQAHIAbwBwAGUAcgB0AHkAIABMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAKQAuAEwAYQBzAHQAQgBvAG8AdABVAHAAVABpAG0AZQAuAFQAbwBGAGkAbABlAFQAaQBtAGUAKAApAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\AR-WIN\Administrator{C36AC009-F348-65EE-A5D5-020000000000}0x2d5a50HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F349-65EE-6A00-000000005303}3540C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AAR-WIN\Administrator 154100x8000000000000000350Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:25.213{C36AC009-F349-65EE-6A00-000000005303}3540C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F348-65EE-A5D5-020000000000}0x2d5a50HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F349-65EE-6900-000000005303}3528C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AAR-WIN\Administrator 154100x8000000000000000349Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:25.208{C36AC009-F349-65EE-6900-000000005303}3528C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\AR-WIN\Administrator{C36AC009-F348-65EE-A5D5-020000000000}0x2d5a50HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F348-65EE-6600-000000005303}3408C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingAR-WIN\Administrator 154100x8000000000000000348Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:25.024{C36AC009-F349-65EE-6800-000000005303}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F341-65EE-2100-000000005303}1696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000347Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:24.983{C36AC009-F348-65EE-6600-000000005303}3408C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\AR-WIN\Administrator{C36AC009-F348-65EE-A5D5-020000000000}0x2d5a50HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F340-65EE-0C00-000000005303}732C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x8000000000000000345Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:24.184{C36AC009-F348-65EE-6400-000000005303}3276C:\Program Files\SplunkUniversalForwarder\bin\splunk-wmi.exe9.0.2Remote Performance monitor using WMIsplunk ApplicationSplunk Inc.splunk-wmi.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-wmi.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=EB621283B97C04335C867BE300509CDA,SHA256=84787BB13B2F2CA9C4B4475357249BFC24159D43023ADE984AA32E8CD06EABE6,IMPHASH=13FB2F4C20ED5B77A57401BC672A42F9{C36AC009-F341-65EE-2100-000000005303}1696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000344Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:24.122{C36AC009-F348-65EE-6300-000000005303}3232C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F345-65EE-4500-000000005303}2812C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000343Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:24.085{C36AC009-F348-65EE-6200-000000005303}3200C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F345-65EE-4500-000000005303}2812C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000342Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:24.053{C36AC009-F348-65EE-6100-000000005303}3168C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'" "| Select-Object" "ProductName, BuildLabEx, CurrentMajorVersionNumber, CurrentMinorVersionNumber" "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F345-65EE-4500-000000005303}2812C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000341Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:24.048{C36AC009-F348-65EE-6000-000000005303}3148C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F345-65EE-4500-000000005303}2812C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000340Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:24.003{C36AC009-F348-65EE-5F00-000000005303}3116C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F345-65EE-4500-000000005303}2812C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000335Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:23.174{C36AC009-F347-65EE-5E00-000000005303}2748C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\powershell2.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F341-65EE-2100-000000005303}1696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000334Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:23.064{C36AC009-F347-65EE-5D00-000000005303}8C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\powershell.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F341-65EE-2100-000000005303}1696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000333Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:22.953{C36AC009-F346-65EE-5C00-000000005303}1868C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\perfmon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F341-65EE-2100-000000005303}1696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000332Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:22.849{C36AC009-F346-65EE-5B00-000000005303}2704C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\admon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F341-65EE-2100-000000005303}1696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000331Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:22.739{C36AC009-F346-65EE-5A00-000000005303}2972C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinRegMon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F341-65EE-2100-000000005303}1696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000330Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:22.627{C36AC009-F346-65EE-5900-000000005303}2756C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinPrintMon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F341-65EE-2100-000000005303}1696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000329Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:22.516{C36AC009-F346-65EE-5800-000000005303}3060C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinNetMon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F341-65EE-2100-000000005303}1696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000328Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:22.408{C36AC009-F346-65EE-5700-000000005303}1256C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinHostMon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F341-65EE-2100-000000005303}1696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000327Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:22.297{C36AC009-F346-65EE-5600-000000005303}2744C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinEventLog.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F341-65EE-2100-000000005303}1696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000326Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:22.188{C36AC009-F346-65EE-5500-000000005303}2720C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\MonitorNoHandle.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F341-65EE-2100-000000005303}1696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000325Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:21.981{C36AC009-F345-65EE-5400-000000005303}2752C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get OperatingSystemSKU /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F345-65EE-4500-000000005303}2812C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000324Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:21.945{C36AC009-F345-65EE-5300-000000005303}2956C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F345-65EE-4500-000000005303}2812C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000323Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:21.932{C36AC009-F345-65EE-5200-000000005303}2988C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe9.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal check-xml-files --answer-yes --no-prompt C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=DEFF9B3BAE9BDD4AD4A37FCE51DF1159,SHA256=96AE7337E6E16DE9AB57AFDC32E4E5367A2DD3696F8CF7844B0736FCE2309FE1,IMPHASH=84048A205A55F829D4D40558E477EAB7{C36AC009-F345-65EE-5100-000000005303}2824C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal check-xml-files --answer-yes --no-prompt 2>&1NT AUTHORITY\SYSTEM 154100x8000000000000000322Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:21.928{C36AC009-F345-65EE-5100-000000005303}2824C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal check-xml-files --answer-yes --no-prompt 2>&1C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F341-65EE-2100-000000005303}1696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000321Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:21.906{C36AC009-F345-65EE-5000-000000005303}1976C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F345-65EE-4500-000000005303}2812C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000320Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:21.719{C36AC009-F345-65EE-4E00-000000005303}3016C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get OperatingSystemSKU /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F345-65EE-4500-000000005303}2812C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000319Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:21.706{C36AC009-F345-65EE-4D00-000000005303}2756C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F345-65EE-4C00-000000005303}2972C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list general --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000318Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:21.702{C36AC009-F345-65EE-4C00-000000005303}2972C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F345-65EE-4B00-000000005303}3048C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list general --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000317Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:21.698{C36AC009-F345-65EE-4B00-000000005303}3048C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F343-65EE-3A00-000000005303}2700C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x8000000000000000316Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:21.683{C36AC009-F345-65EE-4A00-000000005303}2924C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F345-65EE-4500-000000005303}2812C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000315Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:21.401{C36AC009-F345-65EE-4500-000000005303}2812C:\Program Files\Amazon\SSM\ssm-agent-worker.exe-----"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=4879BCC8BDC7111CEC0BB841BE51CF62,SHA256=2AED2927F1D688B28F192E273B8CA203E23EDBCD80794FEA7C80A0A48729B20F,IMPHASH=4F2F006E2ECF7172AD368F8289DC96C1{C36AC009-F341-65EE-2000-000000005303}1624C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe"C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000314Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:21.474{C36AC009-F345-65EE-4800-000000005303}2668C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list replication_port --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F345-65EE-4700-000000005303}1872C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list replication_port --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000313Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:21.469{C36AC009-F345-65EE-4700-000000005303}1872C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list replication_port --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F345-65EE-4600-000000005303}2800C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list replication_port --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000312Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:21.465{C36AC009-F345-65EE-4600-000000005303}2800C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list replication_port --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F343-65EE-3A00-000000005303}2700C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x8000000000000000310Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:21.179{C36AC009-F345-65EE-4400-000000005303}2760C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd" check-transforms-keysC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F343-65EE-3A00-000000005303}2700C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x8000000000000000309Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:20.897{C36AC009-F344-65EE-4300-000000005303}3016C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool validate-regex --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F344-65EE-4200-000000005303}3032C:\Program Files\SplunkUniversalForwarder\bin\btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-regex --log-warningsNT AUTHORITY\SYSTEM 154100x8000000000000000308Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:20.893{C36AC009-F344-65EE-4200-000000005303}3032C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-regex --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F343-65EE-3A00-000000005303}2700C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x8000000000000000307Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:20.655{C36AC009-F344-65EE-4100-000000005303}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool validate-strptime --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F344-65EE-4000-000000005303}2992C:\Program Files\SplunkUniversalForwarder\bin\btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-strptime --log-warningsNT AUTHORITY\SYSTEM 154100x8000000000000000306Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:20.651{C36AC009-F344-65EE-4000-000000005303}2992C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-strptime --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F343-65EE-3A00-000000005303}2700C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x8000000000000000304Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:20.304{C36AC009-F344-65EE-3F00-000000005303}2924C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool check --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F344-65EE-3E00-000000005303}2944C:\Program Files\SplunkUniversalForwarder\bin\btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" check --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000303Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:20.300{C36AC009-F344-65EE-3E00-000000005303}2944C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" check --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F343-65EE-3A00-000000005303}2700C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x8000000000000000302Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:20.057{C36AC009-F344-65EE-3C00-000000005303}1852C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" check-licenseC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F343-65EE-3A00-000000005303}2700C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x8000000000000000301Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:19.829{C36AC009-F343-65EE-3B00-000000005303}2728C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" generate-sslC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F343-65EE-3A00-000000005303}2700C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x8000000000000000300Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:19.819{C36AC009-F343-65EE-3A00-000000005303}2700C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe9.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=DEFF9B3BAE9BDD4AD4A37FCE51DF1159,SHA256=96AE7337E6E16DE9AB57AFDC32E4E5367A2DD3696F8CF7844B0736FCE2309FE1,IMPHASH=84048A205A55F829D4D40558E477EAB7{C36AC009-F343-65EE-3900-000000005303}2744C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 2>&1NT AUTHORITY\SYSTEM 154100x8000000000000000299Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:19.816{C36AC009-F343-65EE-3900-000000005303}2744C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 2>&1C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F341-65EE-2100-000000005303}1696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000298Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:19.556{C36AC009-F343-65EE-3800-000000005303}360C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list sslConfig --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F343-65EE-3700-000000005303}2236C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list sslConfig --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000297Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:19.552{C36AC009-F343-65EE-3700-000000005303}2236C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list sslConfig --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F343-65EE-3600-000000005303}1256C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list sslConfig --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000296Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:19.548{C36AC009-F343-65EE-3600-000000005303}1256C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list sslConfig --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F342-65EE-2900-000000005303}2812C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsNT AUTHORITY\SYSTEM 154100x8000000000000000295Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:19.336{C36AC009-F343-65EE-3500-000000005303}3044C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list watchdog --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F343-65EE-3400-000000005303}3024C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list watchdog --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000294Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:19.331{C36AC009-F343-65EE-3400-000000005303}3024C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list watchdog --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F343-65EE-3300-000000005303}3012C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list watchdog --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000293Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:19.328{C36AC009-F343-65EE-3300-000000005303}3012C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list watchdog --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F342-65EE-2900-000000005303}2812C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsNT AUTHORITY\SYSTEM 154100x8000000000000000292Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:19.111{C36AC009-F343-65EE-3200-000000005303}2988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F343-65EE-3100-000000005303}2968C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list kvstore --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000291Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:19.107{C36AC009-F343-65EE-3100-000000005303}2968C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F343-65EE-3000-000000005303}2956C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list kvstore --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000290Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:19.103{C36AC009-F343-65EE-3000-000000005303}2956C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F342-65EE-2900-000000005303}2812C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsNT AUTHORITY\SYSTEM 154100x8000000000000000289Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:18.881{C36AC009-F342-65EE-2F00-000000005303}2932C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F342-65EE-2E00-000000005303}2912C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list general --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000288Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:18.877{C36AC009-F342-65EE-2E00-000000005303}2912C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F342-65EE-2D00-000000005303}2900C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list general --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000287Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:18.873{C36AC009-F342-65EE-2D00-000000005303}2900C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F342-65EE-2900-000000005303}2812C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsNT AUTHORITY\SYSTEM 154100x8000000000000000286Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:18.610{C36AC009-F342-65EE-2C00-000000005303}2864C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool web list settings --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F342-65EE-2B00-000000005303}2844C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool web list settings --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000285Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:18.604{C36AC009-F342-65EE-2B00-000000005303}2844C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool web list settings --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F342-65EE-2A00-000000005303}2832C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool web list settings --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000284Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:18.598{C36AC009-F342-65EE-2A00-000000005303}2832C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool web list settings --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F342-65EE-2900-000000005303}2812C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsNT AUTHORITY\SYSTEM 154100x8000000000000000283Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:18.590{C36AC009-F342-65EE-2900-000000005303}2812C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe9.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=DEFF9B3BAE9BDD4AD4A37FCE51DF1159,SHA256=96AE7337E6E16DE9AB57AFDC32E4E5367A2DD3696F8CF7844B0736FCE2309FE1,IMPHASH=84048A205A55F829D4D40558E477EAB7{C36AC009-F342-65EE-2800-000000005303}2800C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsNT AUTHORITY\SYSTEM 154100x8000000000000000282Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:18.586{C36AC009-F342-65EE-2800-000000005303}2800C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F341-65EE-2100-000000005303}1696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000281Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:18.537{C36AC009-F342-65EE-2600-000000005303}2744C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe9.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _RAW_envvarsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=DEFF9B3BAE9BDD4AD4A37FCE51DF1159,SHA256=96AE7337E6E16DE9AB57AFDC32E4E5367A2DD3696F8CF7844B0736FCE2309FE1,IMPHASH=84048A205A55F829D4D40558E477EAB7{C36AC009-F342-65EE-2400-000000005303}2700C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _RAW_envvarsNT AUTHORITY\SYSTEM 154100x8000000000000000280Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:18.510{C36AC009-F342-65EE-2400-000000005303}2700C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _RAW_envvarsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F341-65EE-2100-000000005303}1696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000277Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:17.570{C36AC009-F341-65EE-2100-000000005303}1696C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F340-65EE-0A00-000000005303}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x8000000000000000276Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:17.881{C36AC009-F341-65EE-2300-000000005303}2484C:\Windows\System32\wbem\unsecapp.exe10.0.14393.4169 (rs1_release.210107-1130)Sink to receive asynchronous callbacks for WMI client applicationMicrosoft® Windows® Operating SystemMicrosoft Corporationunsecapp.dllC:\Windows\system32\wbem\unsecapp.exe -EmbeddingC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=2443CA5962E2134CB389DCD5056D27AE,SHA256=018FF62BCDC292CF9290DB0574C8EF9C97EBC26933C8FC950DD8E6B2B91972FB,IMPHASH=A3CC49DF67C2278F822C9EBB9908BF09{C36AC009-F340-65EE-0C00-000000005303}732C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x8000000000000000274Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:17.560{C36AC009-F341-65EE-2000-000000005303}1624C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe-----"C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=18F5F49E0B2A693659A95AE3D42AD442,SHA256=1B08939946B6CF467DFF59D52EFAE0638ED50D7618CCB64827BA17922A24B232,IMPHASH=4F2F006E2ECF7172AD368F8289DC96C1{C36AC009-F340-65EE-0A00-000000005303}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x8000000000000000273Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:17.550{C36AC009-F341-65EE-1E00-000000005303}1140C:\Windows\sysmon64.exe15.14System activity monitorSysinternals SysmonSysinternals - www.sysinternals.com-C:\Windows\sysmon64.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=99C68A0A2EE8E42EBB52E1C84F80B730,SHA256=39B094613132377BC236F4AD940A3E02C544F86347C0179A9425EDC1BD3B85CD,IMPHASH=A039666F8D08DD16E0909469DA998438{C36AC009-F340-65EE-0A00-000000005303}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x8000000000000000272Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:17.554{C36AC009-F341-65EE-1F00-000000005303}1432C:\Windows\System32\svchost.exe10.0.14393.5582 (rs1_release.221130-1719)Host Process for Windows ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationsvchost.exeC:\Windows\System32\svchost.exe -k smbsvcsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=83557C9B0E94FCB9D5181D928563991C,SHA256=11FAEB577FAF552BE4FF2275195CD0B3471228EE56C25D38DE5261BF87DF48BA,IMPHASH=9C33C8C3DCCAC65606FE5A9180D15924{C36AC009-F340-65EE-0A00-000000005303}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x8000000000000000271Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:17.483{C36AC009-F341-65EE-1A00-000000005303}1940C:\Program Files\Amazon\XenTools\LiteAgent.exe1.0xenagentXENIFACEAmazon Inc.xenagent.exe"C:\Program Files\Amazon\XenTools\LiteAgent.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=3727559C2C2FE26EE668086FAF992815,SHA256=8130E7A850E0A088CB46F2595F7418CE9D73CE2F7750FC017ABC5CF3DED05F06,IMPHASH=C8B18E9A517CB77EA7AB3E7295D84FE8{C36AC009-F340-65EE-0A00-000000005303}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x8000000000000000270Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:17.429{C36AC009-F341-65EE-1800-000000005303}1812C:\Windows\System32\spoolsv.exe10.0.14393.6078 (rs1_release.230626-1747)Spooler SubSystem AppMicrosoft® Windows® Operating SystemMicrosoft Corporationspoolsv.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=578840E14C88B6DC95EBAC0D208F493C,SHA256=C391E5024F1B8FAB6DCD88BBE3B36F71FAE02DD815EA9273D9ACB247781955FB,IMPHASH=BDE05BF1A813EB07FFA212837CB0F528{C36AC009-F340-65EE-0A00-000000005303}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x8000000000000000265Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:17.144{C36AC009-F341-65EE-1400-000000005303}1040C:\Windows\System32\svchost.exe10.0.14393.5582 (rs1_release.221130-1719)Host Process for Windows ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationsvchost.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\NT AUTHORITY\LOCAL SERVICE{C36AC009-F341-65EE-E503-000000000000}0x3e50SystemMD5=83557C9B0E94FCB9D5181D928563991C,SHA256=11FAEB577FAF552BE4FF2275195CD0B3471228EE56C25D38DE5261BF87DF48BA,IMPHASH=9C33C8C3DCCAC65606FE5A9180D15924{C36AC009-F340-65EE-0A00-000000005303}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x8000000000000000264Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:17.079{C36AC009-F341-65EE-0F00-000000005303}924C:\Windows\System32\dwm.exe10.0.14393.0 (rs1_release.160715-1616)Desktop Window ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationdwm.exe"dwm.exe"C:\Windows\system32\Window Manager\DWM-1{C36AC009-F341-65EE-3AAA-000000000000}0xaa3a1SystemMD5=C89F159A577F19F7F03C73C98D29D841,SHA256=B3E37997C1C62DD90D69EF83D6A6FC782BF9A5B8AD04A0D1528A8B7FA31AA408,IMPHASH=DDB7DE3741333EE031929A760FCD4542{C36AC009-F340-65EE-0900-000000005303}556C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x8000000000000000263Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:17.080{C36AC009-F341-65EE-1000-000000005303}936C:\Windows\System32\svchost.exe10.0.14393.5582 (rs1_release.221130-1719)Host Process for Windows ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationsvchost.exeC:\Windows\System32\svchost.exe -k termsvcsC:\Windows\system32\NT AUTHORITY\NETWORK SERVICE{C36AC009-F340-65EE-E403-000000000000}0x3e40SystemMD5=83557C9B0E94FCB9D5181D928563991C,SHA256=11FAEB577FAF552BE4FF2275195CD0B3471228EE56C25D38DE5261BF87DF48BA,IMPHASH=9C33C8C3DCCAC65606FE5A9180D15924{C36AC009-F340-65EE-0A00-000000005303}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x8000000000000000262Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:17.077{C36AC009-F341-65EE-0E00-000000005303}900C:\Windows\System32\LogonUI.exe10.0.14393.0 (rs1_release.160715-1616)Windows Logon User Interface HostMicrosoft® Windows® Operating SystemMicrosoft Corporationlogonui.exe"LogonUI.exe" /flags:0x2 /state0:0xa3b54855 /state1:0x41c64e6dC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e71SystemMD5=B38DFCF985D8AE5B1A17C264981E61C7,SHA256=AA62D29803D52EC06CD27ED3124E034048F09606EB7342181913C9817C7B44C5,IMPHASH=A6F3A84D171E55B51A7343E05C8DFAC3{C36AC009-F340-65EE-0900-000000005303}556C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x8000000000000000260Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:16.802{C36AC009-F340-65EE-0C00-000000005303}732C:\Windows\System32\svchost.exe10.0.14393.5582 (rs1_release.221130-1719)Host Process for Windows ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationsvchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=83557C9B0E94FCB9D5181D928563991C,SHA256=11FAEB577FAF552BE4FF2275195CD0B3471228EE56C25D38DE5261BF87DF48BA,IMPHASH=9C33C8C3DCCAC65606FE5A9180D15924{C36AC009-F340-65EE-0A00-000000005303}628C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x8000000000000000258Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:16.500{C36AC009-F340-65EE-0B00-000000005303}636C:\Windows\System32\lsass.exe10.0.14393.4704 (rs1_release.211004-1917)Local Security Authority ProcessMicrosoft® Windows® Operating SystemMicrosoft Corporationlsass.exeC:\Windows\system32\lsass.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=93212FD52A9CD5ADDAD2FD2A779355D2,SHA256=95888DAEFD187FAC9C979387F75FF3628548E7DDF5D70AD489CF996B9CAD7193,IMPHASH=D6BD93CD721B30625A910C53F829499B{C36AC009-F340-65EE-0700-000000005303}492C:\Windows\System32\wininit.exewininit.exeNT AUTHORITY\SYSTEM 154100x8000000000000000257Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:16.446{C36AC009-F340-65EE-0A00-000000005303}628C:\Windows\System32\services.exe10.0.14393.4169 (rs1_release.210107-1130)Services and Controller appMicrosoft® Windows® Operating SystemMicrosoft Corporationservices.exeC:\Windows\system32\services.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=FEFC26105685C70D7260170489B5B520,SHA256=930F44F9A599937BDB23CF0C7EA4D158991B837D2A0975C15686CDD4198808E8,IMPHASH=A1C9FD59764D67AA201947276212F7CF{C36AC009-F340-65EE-0700-000000005303}492C:\Windows\System32\wininit.exewininit.exeNT AUTHORITY\SYSTEM 154100x8000000000000000256Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:16.305{C36AC009-F340-65EE-0900-000000005303}556C:\Windows\System32\winlogon.exe10.0.14393.3204 (rs1_release.190830-1500)Windows Logon ApplicationMicrosoft® Windows® Operating SystemMicrosoft CorporationWINLOGON.EXEwinlogon.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e71SystemMD5=DEA4CE12F24601830083126E18A2C7C9,SHA256=F002F8C2EA49D21F242996E3D57F5FDD7995FE6DB524BB69BBD7F190CC0211A9,IMPHASH=3CF10D94C117DB4F6E9D523B93429D6D{C36AC009-F340-65EE-0600-000000005303}484C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e0 0000007c NT AUTHORITY\SYSTEM 154100x8000000000000000255Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:16.270{C36AC009-F340-65EE-0700-000000005303}492C:\Windows\System32\wininit.exe10.0.14393.5582 (rs1_release.221130-1719)Windows Start-Up ApplicationMicrosoft® Windows® Operating SystemMicrosoft CorporationWinInit.exewininit.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=BF2E08F50F3E361EA04CC57147728352,SHA256=059966B74A344FB6347E4DC9478FC1E8760CC2EA3B63B552D10EBBB933B78D05,IMPHASH=C8D526C4E61942E1B11AE4B7EE2DDE5D{C36AC009-F340-65EE-0400-000000005303}412C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000cc 0000007c NT AUTHORITY\SYSTEM 154100x8000000000000000254Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:16.273{C36AC009-F340-65EE-0800-000000005303}500C:\Windows\System32\csrss.exe10.0.14393.2969 (rs1_release.190503-1820)Client Server Runtime ProcessMicrosoft® Windows® Operating SystemMicrosoft CorporationCSRSS.Exe%%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e71SystemMD5=955E9227AA30A08B7465C109B863B886,SHA256=D896480BC8523FAD3AE152C81A2B572022C3778A34A6D85E089D150A68E9165E,IMPHASH=273BC9D936389D79244E6E56BE5096B6{C36AC009-F340-65EE-0600-000000005303}484C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e0 0000007c NT AUTHORITY\SYSTEM 154100x8000000000000000253Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:16.268{C36AC009-F340-65EE-0600-000000005303}484C:\Windows\System32\smss.exe10.0.14393.2969 (rs1_release.190503-1820)Windows Session ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationsmss.exe\SystemRoot\System32\smss.exe 000000e0 0000007c C:\Windows\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e71SystemMD5=725EC50D4B0F607BF5B45B5E0115770B,SHA256=56881BCAEAC350107A6453F38F020FE0E284DBE2E8A6F37ED482985E0DD98EA7,IMPHASH=09DDECA5943933973FE7DDDD24ED724A{C36AC009-F33F-65EE-0200-000000005303}320C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exeNT AUTHORITY\SYSTEM 154100x8000000000000000252Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:16.148{C36AC009-F340-65EE-0500-000000005303}420C:\Windows\System32\csrss.exe10.0.14393.2969 (rs1_release.190503-1820)Client Server Runtime ProcessMicrosoft® Windows® Operating SystemMicrosoft CorporationCSRSS.Exe%%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=955E9227AA30A08B7465C109B863B886,SHA256=D896480BC8523FAD3AE152C81A2B572022C3778A34A6D85E089D150A68E9165E,IMPHASH=273BC9D936389D79244E6E56BE5096B6{C36AC009-F340-65EE-0400-000000005303}412C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000cc 0000007c NT AUTHORITY\SYSTEM 154100x8000000000000000251Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:16.056{C36AC009-F340-65EE-0400-000000005303}412C:\Windows\System32\smss.exe10.0.14393.2969 (rs1_release.190503-1820)Windows Session ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationsmss.exe\SystemRoot\System32\smss.exe 000000cc 0000007c C:\Windows\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=725EC50D4B0F607BF5B45B5E0115770B,SHA256=56881BCAEAC350107A6453F38F020FE0E284DBE2E8A6F37ED482985E0DD98EA7,IMPHASH=09DDECA5943933973FE7DDDD24ED724A{C36AC009-F33F-65EE-0200-000000005303}320C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exeNT AUTHORITY\SYSTEM 154100x8000000000000000250Microsoft-Windows-Sysmon/Operationalar-win-2024-03-11 12:04:15.540{C36AC009-F33F-65EE-0300-000000005303}364C:\Windows\System32\autochk.exe10.0.14393.4350 (rs1_release.210407-2154)Auto Check UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationAutoChk.Exe\??\C:\Windows\system32\autochk.exe /q /v *C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F340-65EE-E703-000000000000}0x3e70SystemMD5=A512733E2C767F87A8029400B4A48CD0,SHA256=1ED75EB59C2897304E0160E0605071178418802C31910D78A2076B0414047875,IMPHASH=1BF5E4792E849FE3BCFE23E7C1B21A3F{C36AC009-F33F-65EE-0200-000000005303}320C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exeNT AUTHORITY\SYSTEM 154100x8000000000000000245Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:04:04.762{C36AC009-F334-65EE-A400-000000005203}3820C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAoAEcAZQB0AC0AQwBpAG0ASQBuAHMAdABhAG4AYwBlACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACAALQBQAHIAbwBwAGUAcgB0AHkAIABMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAKQAuAEwAYQBzAHQAQgBvAG8AdABVAHAAVABpAG0AZQAuAFQAbwBGAGkAbABlAFQAaQBtAGUAKAApAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F334-65EE-5497-040000000000}0x497540HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F334-65EE-A300-000000005203}3944C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AEC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000243Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:04:04.650{C36AC009-F334-65EE-A300-000000005203}3944C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F334-65EE-5497-040000000000}0x497540HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F334-65EE-A200-000000005203}3952C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AEC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000242Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:04:04.646{C36AC009-F334-65EE-A200-000000005203}3952C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F334-65EE-5497-040000000000}0x497540HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F334-65EE-A000-000000005203}2992C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingEC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000241Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:04:04.431{C36AC009-F334-65EE-A000-000000005203}2992C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F334-65EE-5497-040000000000}0x497540HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F320-65EE-0C00-000000005203}728C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x8000000000000000240Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:04:03.572{C36AC009-F333-65EE-9F00-000000005203}2820C:\Windows\System32\shutdown.exe10.0.14393.0 (rs1_release.160715-1616)Windows Shutdown and Annotation ToolMicrosoft® Windows® Operating SystemMicrosoft CorporationSHUTDOWN.EXE"C:\Windows\system32\shutdown.exe" /r /t 2 /c "Reboot initiated by Ansible"C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F332-65EE-6354-040000000000}0x454630HighMD5=547993395376742A437D3145AF6B0309,SHA256=F96073C3442EA0A99B4945394007602772DB36732D1511DC2068519526678F8A,IMPHASH=609F1D7580ED496A3076AEBA77DAFC7E{C36AC009-F333-65EE-9E00-000000005203}3416C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAQwBvAG4AdABpAG4AdQBlACcACgBpAGYAIAAoACQAVAByAHUAZQApACAAewAKAFIAZQBtAG8AdgBlAC0ASQB0AGUAbQAgAC0ATABpAHQAZQByAGEAbABQAGEAdABoACAAJwBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABOAFQAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABXAGkAbgBsAG8AZwBvAG4AXABBAHUAdABvAEwAbwBnAG8AbgBDAGgAZQBjAGsAZQBkACcAIAAtAEYAbwByAGMAZQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAKAH0ACgAkAHMAdABkAG8AdQB0ACAAPQAgACQAbgB1AGwAbAAKACQAcwB0AGQAZQByAHIAIAA9ACAALgAgAHsAIABzAGgAdQB0AGQAbwB3AG4ALgBlAHgAZQAgAC8AcgAgAC8AdAAgADIAIAAvAGMAIAAnAFIAZQBiAG8AbwB0ACAAaQBuAGkAdABpAGEAdABlAGQAIABiAHkAIABBAG4AcwBpAGIAbABlACcAIAB8ACAAUwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABzAHQAZABvAHUAdAAgAH0AIAAyAD4AJgAxACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAFQAbwBTAHQAcgBpAG4AZwAKAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgAgAC0AQwBvAG0AcAByAGUAcwBzACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIABAAHsACgBzAHQAZABvAHUAdAAgAD0AIAAoAEAAKAAkAHMAdABkAG8AdQB0ACkAIAAtAGoAbwBpAG4AIAAiAGAAbgAiACkACgBzAHQAZABlAHIAcgAgAD0AIAAoAEAAKAAkAHMAdABkAGUAcgByACkAIAAtAGoAbwBpAG4AIAAiAGAAbgAiACkACgByAGMAIAA9ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAKAH0ACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0AEC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000238Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:04:03.381{C36AC009-F333-65EE-9E00-000000005203}3416C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAQwBvAG4AdABpAG4AdQBlACcACgBpAGYAIAAoACQAVAByAHUAZQApACAAewAKAFIAZQBtAG8AdgBlAC0ASQB0AGUAbQAgAC0ATABpAHQAZQByAGEAbABQAGEAdABoACAAJwBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABOAFQAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABXAGkAbgBsAG8AZwBvAG4AXABBAHUAdABvAEwAbwBnAG8AbgBDAGgAZQBjAGsAZQBkACcAIAAtAEYAbwByAGMAZQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAKAH0ACgAkAHMAdABkAG8AdQB0ACAAPQAgACQAbgB1AGwAbAAKACQAcwB0AGQAZQByAHIAIAA9ACAALgAgAHsAIABzAGgAdQB0AGQAbwB3AG4ALgBlAHgAZQAgAC8AcgAgAC8AdAAgADIAIAAvAGMAIAAnAFIAZQBiAG8AbwB0ACAAaQBuAGkAdABpAGEAdABlAGQAIABiAHkAIABBAG4AcwBpAGIAbABlACcAIAB8ACAAUwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABzAHQAZABvAHUAdAAgAH0AIAAyAD4AJgAxACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAFQAbwBTAHQAcgBpAG4AZwAKAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgAgAC0AQwBvAG0AcAByAGUAcwBzACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIABAAHsACgBzAHQAZABvAHUAdAAgAD0AIAAoAEAAKAAkAHMAdABkAG8AdQB0ACkAIAAtAGoAbwBpAG4AIAAiAGAAbgAiACkACgBzAHQAZABlAHIAcgAgAD0AIAAoAEAAKAAkAHMAdABkAGUAcgByACkAIAAtAGoAbwBpAG4AIAAiAGAAbgAiACkACgByAGMAIAA9ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAKAH0ACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0AC:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F332-65EE-6354-040000000000}0x454630HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F333-65EE-9D00-000000005203}2520C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgBRAEEASABJAEEAWgBRAEIAbQBBAEcAVQBBAGMAZwBCAGwAQQBHADQAQQBZAHcAQgBsAEEAQwBBAEEAUABRAEEAZwBBAEMAYwBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAYwBBAEMAZwBCAHAAQQBHAFkAQQBJAEEAQQBvAEEAQwBRAEEAVgBBAEIAeQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBLAEEARgBJAEEAWgBRAEIAdABBAEcAOABBAGQAZwBCAGwAQQBDADAAQQBTAFEAQgAwAEEARwBVAEEAYgBRAEEAZwBBAEMAMABBAFQAQQBCAHAAQQBIAFEAQQBaAFEAQgB5AEEARwBFAEEAYgBBAEIAUQBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBKAHcAQgBJAEEARQBzAEEAVABBAEIATgBBAEQAbwBBAFgAQQBCAFQAQQBFADgAQQBSAGcAQgBVAEEARgBjAEEAUQBRAEIAUwBBAEUAVQBBAFgAQQBCAE4AQQBHAGsAQQBZAHcAQgB5AEEARwA4AEEAYwB3AEIAdgBBAEcAWQBBAGQAQQBCAGMAQQBGAGMAQQBhAFEAQgB1AEEARwBRAEEAYgB3AEIAMwBBAEgATQBBAEkAQQBCAE8AQQBGAFEAQQBYAEEAQgBEAEEASABVAEEAYwBnAEIAeQBBAEcAVQBBAGIAZwBCADAAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAQQBCAFgAQQBHAGsAQQBiAGcAQgBzAEEARwA4AEEAWgB3AEIAdgBBAEcANABBAFgAQQBCAEIAQQBIAFUAQQBkAEEAQgB2AEEARQB3AEEAYgB3AEIAbgBBAEcAOABBAGIAZwBCAEQAQQBHAGcAQQBaAFEAQgBqAEEARwBzAEEAWgBRAEIAawBBAEMAYwBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAEsAQQBIADAAQQBDAGcAQQBrAEEASABNAEEAZABBAEIAawBBAEcAOABBAGQAUQBCADAAQQBDAEEAQQBQAFEAQQBnAEEAQwBRAEEAYgBnAEIAMQBBAEcAdwBBAGIAQQBBAEsAQQBDAFEAQQBjAHcAQgAwAEEARwBRAEEAWgBRAEIAeQBBAEgASQBBAEkAQQBBADkAQQBDAEEAQQBMAGcAQQBnAEEASABzAEEASQBBAEIAegBBAEcAZwBBAGQAUQBCADAAQQBHAFEAQQBiAHcAQgAzAEEARwA0AEEATABnAEIAbABBAEgAZwBBAFoAUQBBAGcAQQBDADgAQQBjAGcAQQBnAEEAQwA4AEEAZABBAEEAZwBBAEQASQBBAEkAQQBBAHYAQQBHAE0AQQBJAEEAQQBuAEEARgBJAEEAWgBRAEIAaQBBAEcAOABBAGIAdwBCADAAQQBDAEEAQQBhAFEAQgB1AEEARwBrAEEAZABBAEIAcABBAEcARQBBAGQAQQBCAGwAQQBHAFEAQQBJAEEAQgBpAEEASABrAEEASQBBAEIAQgBBAEcANABBAGMAdwBCAHAAQQBHAEkAQQBiAEEAQgBsAEEAQwBjAEEASQBBAEIAOABBAEMAQQBBAFUAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgB6AEEASABRAEEAWgBBAEIAdgBBAEgAVQBBAGQAQQBBAGcAQQBIADAAQQBJAEEAQQB5AEEARAA0AEEASgBnAEEAeABBAEMAQQBBAGYAQQBBAGcAQQBFAFkAQQBiAHcAQgB5AEEARQBVAEEAWQBRAEIAagBBAEcAZwBBAEwAUQBCAFAAQQBHAEkAQQBhAGcAQgBsAEEARwBNAEEAZABBAEEAZwBBAEYAUQBBAGIAdwBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwA0AEEAWgB3AEEASwBBAEUATQBBAGIAdwBCAHUAQQBIAFkAQQBaAFEAQgB5AEEASABRAEEAVgBBAEIAdgBBAEMAMABBAFMAZwBCAHoAQQBHADgAQQBiAGcAQQBnAEEAQwAwAEEAUQB3AEIAdgBBAEcAMABBAGMAQQBCAHkAQQBHAFUAQQBjAHcAQgB6AEEAQwBBAEEATABRAEIASgBBAEcANABBAGMAQQBCADEAQQBIAFEAQQBUAHcAQgBpAEEARwBvAEEAWgBRAEIAagBBAEgAUQBBAEkAQQBCAEEAQQBIAHMAQQBDAGcAQgB6AEEASABRAEEAWgBBAEIAdgBBAEgAVQBBAGQAQQBBAGcAQQBEADAAQQBJAEEAQQBvAEEARQBBAEEASwBBAEEAawBBAEgATQBBAGQAQQBCAGsAQQBHADgAQQBkAFEAQgAwAEEAQwBrAEEASQBBAEEAdABBAEcAbwBBAGIAdwBCAHAAQQBHADQAQQBJAEEAQQBpAEEARwBBAEEAYgBnAEEAaQBBAEMAawBBAEMAZwBCAHoAQQBIAFEAQQBaAEEAQgBsAEEASABJAEEAYwBnAEEAZwBBAEQAMABBAEkAQQBBAG8AQQBFAEEAQQBLAEEAQQBrAEEASABNAEEAZABBAEIAawBBAEcAVQBBAGMAZwBCAHkAQQBDAGsAQQBJAEEAQQB0AEEARwBvAEEAYgB3AEIAcABBAEcANABBAEkAQQBBAGkAQQBHAEEAQQBiAGcAQQBpAEEAQwBrAEEAQwBnAEIAeQBBAEcATQBBAEkAQQBBADkAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEASwBBAEgAMABBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==EC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000236Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:04:03.268{C36AC009-F333-65EE-9D00-000000005203}2520C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgBRAEEASABJAEEAWgBRAEIAbQBBAEcAVQBBAGMAZwBCAGwAQQBHADQAQQBZAHcAQgBsAEEAQwBBAEEAUABRAEEAZwBBAEMAYwBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAYwBBAEMAZwBCAHAAQQBHAFkAQQBJAEEAQQBvAEEAQwBRAEEAVgBBAEIAeQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBLAEEARgBJAEEAWgBRAEIAdABBAEcAOABBAGQAZwBCAGwAQQBDADAAQQBTAFEAQgAwAEEARwBVAEEAYgBRAEEAZwBBAEMAMABBAFQAQQBCAHAAQQBIAFEAQQBaAFEAQgB5AEEARwBFAEEAYgBBAEIAUQBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBKAHcAQgBJAEEARQBzAEEAVABBAEIATgBBAEQAbwBBAFgAQQBCAFQAQQBFADgAQQBSAGcAQgBVAEEARgBjAEEAUQBRAEIAUwBBAEUAVQBBAFgAQQBCAE4AQQBHAGsAQQBZAHcAQgB5AEEARwA4AEEAYwB3AEIAdgBBAEcAWQBBAGQAQQBCAGMAQQBGAGMAQQBhAFEAQgB1AEEARwBRAEEAYgB3AEIAMwBBAEgATQBBAEkAQQBCAE8AQQBGAFEAQQBYAEEAQgBEAEEASABVAEEAYwBnAEIAeQBBAEcAVQBBAGIAZwBCADAAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAQQBCAFgAQQBHAGsAQQBiAGcAQgBzAEEARwA4AEEAWgB3AEIAdgBBAEcANABBAFgAQQBCAEIAQQBIAFUAQQBkAEEAQgB2AEEARQB3AEEAYgB3AEIAbgBBAEcAOABBAGIAZwBCAEQAQQBHAGcAQQBaAFEAQgBqAEEARwBzAEEAWgBRAEIAawBBAEMAYwBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAEsAQQBIADAAQQBDAGcAQQBrAEEASABNAEEAZABBAEIAawBBAEcAOABBAGQAUQBCADAAQQBDAEEAQQBQAFEAQQBnAEEAQwBRAEEAYgBnAEIAMQBBAEcAdwBBAGIAQQBBAEsAQQBDAFEAQQBjAHcAQgAwAEEARwBRAEEAWgBRAEIAeQBBAEgASQBBAEkAQQBBADkAQQBDAEEAQQBMAGcAQQBnAEEASABzAEEASQBBAEIAegBBAEcAZwBBAGQAUQBCADAAQQBHAFEAQQBiAHcAQgAzAEEARwA0AEEATABnAEIAbABBAEgAZwBBAFoAUQBBAGcAQQBDADgAQQBjAGcAQQBnAEEAQwA4AEEAZABBAEEAZwBBAEQASQBBAEkAQQBBAHYAQQBHAE0AQQBJAEEAQQBuAEEARgBJAEEAWgBRAEIAaQBBAEcAOABBAGIAdwBCADAAQQBDAEEAQQBhAFEAQgB1AEEARwBrAEEAZABBAEIAcABBAEcARQBBAGQAQQBCAGwAQQBHAFEAQQBJAEEAQgBpAEEASABrAEEASQBBAEIAQgBBAEcANABBAGMAdwBCAHAAQQBHAEkAQQBiAEEAQgBsAEEAQwBjAEEASQBBAEIAOABBAEMAQQBBAFUAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgB6AEEASABRAEEAWgBBAEIAdgBBAEgAVQBBAGQAQQBBAGcAQQBIADAAQQBJAEEAQQB5AEEARAA0AEEASgBnAEEAeABBAEMAQQBBAGYAQQBBAGcAQQBFAFkAQQBiAHcAQgB5AEEARQBVAEEAWQBRAEIAagBBAEcAZwBBAEwAUQBCAFAAQQBHAEkAQQBhAGcAQgBsAEEARwBNAEEAZABBAEEAZwBBAEYAUQBBAGIAdwBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwA0AEEAWgB3AEEASwBBAEUATQBBAGIAdwBCAHUAQQBIAFkAQQBaAFEAQgB5AEEASABRAEEAVgBBAEIAdgBBAEMAMABBAFMAZwBCAHoAQQBHADgAQQBiAGcAQQBnAEEAQwAwAEEAUQB3AEIAdgBBAEcAMABBAGMAQQBCAHkAQQBHAFUAQQBjAHcAQgB6AEEAQwBBAEEATABRAEIASgBBAEcANABBAGMAQQBCADEAQQBIAFEAQQBUAHcAQgBpAEEARwBvAEEAWgBRAEIAagBBAEgAUQBBAEkAQQBCAEEAQQBIAHMAQQBDAGcAQgB6AEEASABRAEEAWgBBAEIAdgBBAEgAVQBBAGQAQQBBAGcAQQBEADAAQQBJAEEAQQBvAEEARQBBAEEASwBBAEEAawBBAEgATQBBAGQAQQBCAGsAQQBHADgAQQBkAFEAQgAwAEEAQwBrAEEASQBBAEEAdABBAEcAbwBBAGIAdwBCAHAAQQBHADQAQQBJAEEAQQBpAEEARwBBAEEAYgBnAEEAaQBBAEMAawBBAEMAZwBCAHoAQQBIAFEAQQBaAEEAQgBsAEEASABJAEEAYwBnAEEAZwBBAEQAMABBAEkAQQBBAG8AQQBFAEEAQQBLAEEAQQBrAEEASABNAEEAZABBAEIAawBBAEcAVQBBAGMAZwBCAHkAQQBDAGsAQQBJAEEAQQB0AEEARwBvAEEAYgB3AEIAcABBAEcANABBAEkAQQBBAGkAQQBHAEEAQQBiAGcAQQBpAEEAQwBrAEEAQwBnAEIAeQBBAEcATQBBAEkAQQBBADkAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEASwBBAEgAMABBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F332-65EE-6354-040000000000}0x454630HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F333-65EE-9C00-000000005203}3812C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgBRAEEASABJAEEAWgBRAEIAbQBBAEcAVQBBAGMAZwBCAGwAQQBHADQAQQBZAHcAQgBsAEEAQwBBAEEAUABRAEEAZwBBAEMAYwBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAYwBBAEMAZwBCAHAAQQBHAFkAQQBJAEEAQQBvAEEAQwBRAEEAVgBBAEIAeQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBLAEEARgBJAEEAWgBRAEIAdABBAEcAOABBAGQAZwBCAGwAQQBDADAAQQBTAFEAQgAwAEEARwBVAEEAYgBRAEEAZwBBAEMAMABBAFQAQQBCAHAAQQBIAFEAQQBaAFEAQgB5AEEARwBFAEEAYgBBAEIAUQBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBKAHcAQgBJAEEARQBzAEEAVABBAEIATgBBAEQAbwBBAFgAQQBCAFQAQQBFADgAQQBSAGcAQgBVAEEARgBjAEEAUQBRAEIAUwBBAEUAVQBBAFgAQQBCAE4AQQBHAGsAQQBZAHcAQgB5AEEARwA4AEEAYwB3AEIAdgBBAEcAWQBBAGQAQQBCAGMAQQBGAGMAQQBhAFEAQgB1AEEARwBRAEEAYgB3AEIAMwBBAEgATQBBAEkAQQBCAE8AQQBGAFEAQQBYAEEAQgBEAEEASABVAEEAYwBnAEIAeQBBAEcAVQBBAGIAZwBCADAAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAQQBCAFgAQQBHAGsAQQBiAGcAQgBzAEEARwA4AEEAWgB3AEIAdgBBAEcANABBAFgAQQBCAEIAQQBIAFUAQQBkAEEAQgB2AEEARQB3AEEAYgB3AEIAbgBBAEcAOABBAGIAZwBCAEQAQQBHAGcAQQBaAFEAQgBqAEEARwBzAEEAWgBRAEIAawBBAEMAYwBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAEsAQQBIADAAQQBDAGcAQQBrAEEASABNAEEAZABBAEIAawBBAEcAOABBAGQAUQBCADAAQQBDAEEAQQBQAFEAQQBnAEEAQwBRAEEAYgBnAEIAMQBBAEcAdwBBAGIAQQBBAEsAQQBDAFEAQQBjAHcAQgAwAEEARwBRAEEAWgBRAEIAeQBBAEgASQBBAEkAQQBBADkAQQBDAEEAQQBMAGcAQQBnAEEASABzAEEASQBBAEIAegBBAEcAZwBBAGQAUQBCADAAQQBHAFEAQQBiAHcAQgAzAEEARwA0AEEATABnAEIAbABBAEgAZwBBAFoAUQBBAGcAQQBDADgAQQBjAGcAQQBnAEEAQwA4AEEAZABBAEEAZwBBAEQASQBBAEkAQQBBAHYAQQBHAE0AQQBJAEEAQQBuAEEARgBJAEEAWgBRAEIAaQBBAEcAOABBAGIAdwBCADAAQQBDAEEAQQBhAFEAQgB1AEEARwBrAEEAZABBAEIAcABBAEcARQBBAGQAQQBCAGwAQQBHAFEAQQBJAEEAQgBpAEEASABrAEEASQBBAEIAQgBBAEcANABBAGMAdwBCAHAAQQBHAEkAQQBiAEEAQgBsAEEAQwBjAEEASQBBAEIAOABBAEMAQQBBAFUAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgB6AEEASABRAEEAWgBBAEIAdgBBAEgAVQBBAGQAQQBBAGcAQQBIADAAQQBJAEEAQQB5AEEARAA0AEEASgBnAEEAeABBAEMAQQBBAGYAQQBBAGcAQQBFAFkAQQBiAHcAQgB5AEEARQBVAEEAWQBRAEIAagBBAEcAZwBBAEwAUQBCAFAAQQBHAEkAQQBhAGcAQgBsAEEARwBNAEEAZABBAEEAZwBBAEYAUQBBAGIAdwBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwA0AEEAWgB3AEEASwBBAEUATQBBAGIAdwBCAHUAQQBIAFkAQQBaAFEAQgB5AEEASABRAEEAVgBBAEIAdgBBAEMAMABBAFMAZwBCAHoAQQBHADgAQQBiAGcAQQBnAEEAQwAwAEEAUQB3AEIAdgBBAEcAMABBAGMAQQBCAHkAQQBHAFUAQQBjAHcAQgB6AEEAQwBBAEEATABRAEIASgBBAEcANABBAGMAQQBCADEAQQBIAFEAQQBUAHcAQgBpAEEARwBvAEEAWgBRAEIAagBBAEgAUQBBAEkAQQBCAEEAQQBIAHMAQQBDAGcAQgB6AEEASABRAEEAWgBBAEIAdgBBAEgAVQBBAGQAQQBBAGcAQQBEADAAQQBJAEEAQQBvAEEARQBBAEEASwBBAEEAawBBAEgATQBBAGQAQQBCAGsAQQBHADgAQQBkAFEAQgAwAEEAQwBrAEEASQBBAEEAdABBAEcAbwBBAGIAdwBCAHAAQQBHADQAQQBJAEEAQQBpAEEARwBBAEEAYgBnAEEAaQBBAEMAawBBAEMAZwBCAHoAQQBIAFEAQQBaAEEAQgBsAEEASABJAEEAYwBnAEEAZwBBAEQAMABBAEkAQQBBAG8AQQBFAEEAQQBLAEEAQQBrAEEASABNAEEAZABBAEIAawBBAEcAVQBBAGMAZwBCAHkAQQBDAGsAQQBJAEEAQQB0AEEARwBvAEEAYgB3AEIAcABBAEcANABBAEkAQQBBAGkAQQBHAEEAQQBiAGcAQQBpAEEAQwBrAEEAQwBnAEIAeQBBAEcATQBBAEkAQQBBADkAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEASwBBAEgAMABBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==EC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000235Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:04:03.264{C36AC009-F333-65EE-9C00-000000005203}3812C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgBRAEEASABJAEEAWgBRAEIAbQBBAEcAVQBBAGMAZwBCAGwAQQBHADQAQQBZAHcAQgBsAEEAQwBBAEEAUABRAEEAZwBBAEMAYwBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAYwBBAEMAZwBCAHAAQQBHAFkAQQBJAEEAQQBvAEEAQwBRAEEAVgBBAEIAeQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBLAEEARgBJAEEAWgBRAEIAdABBAEcAOABBAGQAZwBCAGwAQQBDADAAQQBTAFEAQgAwAEEARwBVAEEAYgBRAEEAZwBBAEMAMABBAFQAQQBCAHAAQQBIAFEAQQBaAFEAQgB5AEEARwBFAEEAYgBBAEIAUQBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBKAHcAQgBJAEEARQBzAEEAVABBAEIATgBBAEQAbwBBAFgAQQBCAFQAQQBFADgAQQBSAGcAQgBVAEEARgBjAEEAUQBRAEIAUwBBAEUAVQBBAFgAQQBCAE4AQQBHAGsAQQBZAHcAQgB5AEEARwA4AEEAYwB3AEIAdgBBAEcAWQBBAGQAQQBCAGMAQQBGAGMAQQBhAFEAQgB1AEEARwBRAEEAYgB3AEIAMwBBAEgATQBBAEkAQQBCAE8AQQBGAFEAQQBYAEEAQgBEAEEASABVAEEAYwBnAEIAeQBBAEcAVQBBAGIAZwBCADAAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAQQBCAFgAQQBHAGsAQQBiAGcAQgBzAEEARwA4AEEAWgB3AEIAdgBBAEcANABBAFgAQQBCAEIAQQBIAFUAQQBkAEEAQgB2AEEARQB3AEEAYgB3AEIAbgBBAEcAOABBAGIAZwBCAEQAQQBHAGcAQQBaAFEAQgBqAEEARwBzAEEAWgBRAEIAawBBAEMAYwBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAEsAQQBIADAAQQBDAGcAQQBrAEEASABNAEEAZABBAEIAawBBAEcAOABBAGQAUQBCADAAQQBDAEEAQQBQAFEAQQBnAEEAQwBRAEEAYgBnAEIAMQBBAEcAdwBBAGIAQQBBAEsAQQBDAFEAQQBjAHcAQgAwAEEARwBRAEEAWgBRAEIAeQBBAEgASQBBAEkAQQBBADkAQQBDAEEAQQBMAGcAQQBnAEEASABzAEEASQBBAEIAegBBAEcAZwBBAGQAUQBCADAAQQBHAFEAQQBiAHcAQgAzAEEARwA0AEEATABnAEIAbABBAEgAZwBBAFoAUQBBAGcAQQBDADgAQQBjAGcAQQBnAEEAQwA4AEEAZABBAEEAZwBBAEQASQBBAEkAQQBBAHYAQQBHAE0AQQBJAEEAQQBuAEEARgBJAEEAWgBRAEIAaQBBAEcAOABBAGIAdwBCADAAQQBDAEEAQQBhAFEAQgB1AEEARwBrAEEAZABBAEIAcABBAEcARQBBAGQAQQBCAGwAQQBHAFEAQQBJAEEAQgBpAEEASABrAEEASQBBAEIAQgBBAEcANABBAGMAdwBCAHAAQQBHAEkAQQBiAEEAQgBsAEEAQwBjAEEASQBBAEIAOABBAEMAQQBBAFUAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgB6AEEASABRAEEAWgBBAEIAdgBBAEgAVQBBAGQAQQBBAGcAQQBIADAAQQBJAEEAQQB5AEEARAA0AEEASgBnAEEAeABBAEMAQQBBAGYAQQBBAGcAQQBFAFkAQQBiAHcAQgB5AEEARQBVAEEAWQBRAEIAagBBAEcAZwBBAEwAUQBCAFAAQQBHAEkAQQBhAGcAQgBsAEEARwBNAEEAZABBAEEAZwBBAEYAUQBBAGIAdwBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwA0AEEAWgB3AEEASwBBAEUATQBBAGIAdwBCAHUAQQBIAFkAQQBaAFEAQgB5AEEASABRAEEAVgBBAEIAdgBBAEMAMABBAFMAZwBCAHoAQQBHADgAQQBiAGcAQQBnAEEAQwAwAEEAUQB3AEIAdgBBAEcAMABBAGMAQQBCAHkAQQBHAFUAQQBjAHcAQgB6AEEAQwBBAEEATABRAEIASgBBAEcANABBAGMAQQBCADEAQQBIAFEAQQBUAHcAQgBpAEEARwBvAEEAWgBRAEIAagBBAEgAUQBBAEkAQQBCAEEAQQBIAHMAQQBDAGcAQgB6AEEASABRAEEAWgBBAEIAdgBBAEgAVQBBAGQAQQBBAGcAQQBEADAAQQBJAEEAQQBvAEEARQBBAEEASwBBAEEAawBBAEgATQBBAGQAQQBCAGsAQQBHADgAQQBkAFEAQgAwAEEAQwBrAEEASQBBAEEAdABBAEcAbwBBAGIAdwBCAHAAQQBHADQAQQBJAEEAQQBpAEEARwBBAEEAYgBnAEEAaQBBAEMAawBBAEMAZwBCAHoAQQBIAFEAQQBaAEEAQgBsAEEASABJAEEAYwBnAEEAZwBBAEQAMABBAEkAQQBBAG8AQQBFAEEAQQBLAEEAQQBrAEEASABNAEEAZABBAEIAawBBAEcAVQBBAGMAZwBCAHkAQQBDAGsAQQBJAEEAQQB0AEEARwBvAEEAYgB3AEIAcABBAEcANABBAEkAQQBBAGkAQQBHAEEAQQBiAGcAQQBpAEEAQwBrAEEAQwBnAEIAeQBBAEcATQBBAEkAQQBBADkAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEASwBBAEgAMABBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F332-65EE-6354-040000000000}0x454630HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F332-65EE-9700-000000005203}3856C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingEC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000232Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:04:02.592{C36AC009-F332-65EE-9B00-000000005203}3564C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAoAEcAZQB0AC0AQwBpAG0ASQBuAHMAdABhAG4AYwBlACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACAALQBQAHIAbwBwAGUAcgB0AHkAIABMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAKQAuAEwAYQBzAHQAQgBvAG8AdABVAHAAVABpAG0AZQAuAFQAbwBGAGkAbABlAFQAaQBtAGUAKAApAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F332-65EE-6354-040000000000}0x454630HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F332-65EE-9A00-000000005203}3440C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AEC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000230Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:04:02.481{C36AC009-F332-65EE-9A00-000000005203}3440C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F332-65EE-6354-040000000000}0x454630HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F332-65EE-9900-000000005203}3708C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AEC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000229Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:04:02.476{C36AC009-F332-65EE-9900-000000005203}3708C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F332-65EE-6354-040000000000}0x454630HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F332-65EE-9700-000000005203}3856C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingEC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000228Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:04:02.259{C36AC009-F332-65EE-9700-000000005203}3856C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F332-65EE-6354-040000000000}0x454630HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F320-65EE-0C00-000000005203}728C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x8000000000000000226Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:04:01.025{C36AC009-F331-65EE-9600-000000005203}3724C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RES4D06.tmp" "c:\Users\Administrator\AppData\Local\Temp\CSC86EED9392E024E849160D208051C66.TMP"C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F32F-65EE-FF21-040000000000}0x421ff0HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{C36AC009-F330-65EE-9500-000000005203}4092C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\xnrt34ht.cmdline"EC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000225Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:04:00.912{C36AC009-F330-65EE-9500-000000005203}4092C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\xnrt34ht.cmdline"C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F32F-65EE-FF21-040000000000}0x421ff0HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{C36AC009-F32F-65EE-9300-000000005203}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==EC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000221Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:04:00.066{C36AC009-F330-65EE-9400-000000005203}2500C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationCHCP.COM"C:\Windows\system32\chcp.com" 65001C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F32F-65EE-FF21-040000000000}0x421ff0HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{C36AC009-F32F-65EE-9300-000000005203}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==EC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000219Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:59.943{C36AC009-F32F-65EE-9300-000000005203}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F32F-65EE-FF21-040000000000}0x421ff0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F32F-65EE-9200-000000005203}3920C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AEC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000217Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:59.799{C36AC009-F32F-65EE-9200-000000005203}3920C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F32F-65EE-FF21-040000000000}0x421ff0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F32F-65EE-9100-000000005203}3916C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AEC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000216Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:59.792{C36AC009-F32F-65EE-9100-000000005203}3916C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F32F-65EE-FF21-040000000000}0x421ff0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F32F-65EE-8E00-000000005203}3816C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingEC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000215Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:59.582{C36AC009-F32F-65EE-9000-000000005203}3988C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe9.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=45D4E4A0BA891408C48EBD3363156C50,SHA256=F8EA3DCFF507F073270226A1910A4C492D85EBE1B07987560006BECBDDF1CEED,IMPHASH=B683C91350808D5BCFE1D283896855C3{C36AC009-F320-65EE-1B00-000000005203}1948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000214Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:59.571{C36AC009-F32F-65EE-8E00-000000005203}3816C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F32F-65EE-FF21-040000000000}0x421ff0HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F320-65EE-0C00-000000005203}728C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x8000000000000000213Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:58.642{C36AC009-F32E-65EE-8D00-000000005203}3544C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe9.0.2Monitor windows event logssplunk ApplicationSplunk Inc.splunk-winevtlog.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=7F189A17E6E9A98AD68E84A2DD83E3A3,SHA256=8890D28B2F9FA801221F7F7115BC5E3C4980D80AC663C77CD1DD9A8D4BFF956A,IMPHASH=3831812AC0DE4E18D9D31DB74D2E66B6{C36AC009-F320-65EE-1B00-000000005203}1948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000212Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:57.695{C36AC009-F32D-65EE-8C00-000000005203}4064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{C36AC009-F320-65EE-1B00-000000005203}1948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000210Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:57.054{C36AC009-F32D-65EE-8B00-000000005203}3056C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RES3D86.tmp" "c:\Users\Administrator\AppData\Local\Temp\ansible-moduletmp-133546322369680986-1403041106\CSC9639843AFBF94990BCFB8BD5EDB2876.TMP"C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F32A-65EE-10AA-030000000000}0x3aa100HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{C36AC009-F32C-65EE-8A00-000000005203}2012C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\ansible-moduletmp-133546322369680986-1403041106\p5touju4.cmdline"EC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000209Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:56.990{C36AC009-F32C-65EE-8A00-000000005203}2012C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\ansible-moduletmp-133546322369680986-1403041106\p5touju4.cmdline"C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F32A-65EE-10AA-030000000000}0x3aa100HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{C36AC009-F32B-65EE-8300-000000005203}3468C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==EC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000206Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:56.937{C36AC009-F32C-65EE-8900-000000005203}3060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F320-65EE-1B00-000000005203}1948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000204Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:56.700{C36AC009-F32C-65EE-8800-000000005203}3832C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RES3C1E.tmp" "c:\Users\Administrator\AppData\Local\Temp\CSC100C94C9EDA94A17846ECE4536486EC6.TMP"C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F32A-65EE-10AA-030000000000}0x3aa100HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{C36AC009-F32C-65EE-8700-000000005203}3912C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\jfthusmr.cmdline"EC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000203Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:56.381{C36AC009-F32C-65EE-8700-000000005203}3912C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\jfthusmr.cmdline"C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F32A-65EE-10AA-030000000000}0x3aa100HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{C36AC009-F32B-65EE-8300-000000005203}3468C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==EC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000200Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:56.034{C36AC009-F32C-65EE-8600-000000005203}3800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{C36AC009-F320-65EE-1B00-000000005203}1948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000198Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:55.094{C36AC009-F32B-65EE-8200-000000005203}3684C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe9.0.2Performance monitorsplunk ApplicationSplunk Inc.splunk-perfmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-perfmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=C38E19AC849A4438115953E4D871B559,SHA256=C4C02165DCAA1B390CC05005A264FBC7B784393D819C0763B7C3BDC703DEE3F6,IMPHASH=55412D7362B6C3264A9D829D025AD564{C36AC009-F320-65EE-1B00-000000005203}1948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000197Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:55.262{C36AC009-F32B-65EE-8400-000000005203}3852C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationCHCP.COM"C:\Windows\system32\chcp.com" 65001C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F32A-65EE-10AA-030000000000}0x3aa100HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{C36AC009-F32B-65EE-8300-000000005203}3468C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==EC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000195Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:55.141{C36AC009-F32B-65EE-8300-000000005203}3468C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F32A-65EE-10AA-030000000000}0x3aa100HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F32B-65EE-8100-000000005203}3576C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AEC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000193Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:55.026{C36AC009-F32B-65EE-8100-000000005203}3576C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F32A-65EE-10AA-030000000000}0x3aa100HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F32B-65EE-8000-000000005203}3472C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AEC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000192Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:55.021{C36AC009-F32B-65EE-8000-000000005203}3472C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F32A-65EE-10AA-030000000000}0x3aa100HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F32A-65EE-7E00-000000005203}3460C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingEC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000191Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:54.801{C36AC009-F32A-65EE-7E00-000000005203}3460C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F32A-65EE-10AA-030000000000}0x3aa100HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F320-65EE-0C00-000000005203}728C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x8000000000000000190Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:54.228{C36AC009-F32A-65EE-7D00-000000005203}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{C36AC009-F320-65EE-1B00-000000005203}1948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000189Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:53.281{C36AC009-F329-65EE-7B00-000000005203}3172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe9.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=D4A01A34CB462A5ADD183B781180FE24,SHA256=CE12A30F916D7CCD57C024B6991DC4D5A80596B187E06FD3E34E0405D19D1714,IMPHASH=0B3917FB5306BF16B3F2D78E6FD4AC61{C36AC009-F320-65EE-1B00-000000005203}1948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000187Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:53.295{C36AC009-F329-65EE-7C00-000000005203}3416C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBHAGUAdAAtAEkAdABlAG0AIAAtAEwAaQB0AGUAcgBhAGwAUABhAHQAaAAgACcASABLAEwATQA6AFwAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzACAATgBUAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAVwBpAG4AbABvAGcAbwBuAFwAQQB1AHQAbwBMAG8AZwBvAG4AQwBoAGUAYwBrAGUAZAAnACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAHQAbwBwADsAIAAnAHMAdQBjAGMAZQBzAHMALQAwAGQAZQA3AGMAZgA3AGUALQA0AGQAZgA4AC0ANABkAGYANgAtAGIAYgA3AGIALQBlADMAYgBlAGQANQBhADQAYQBjAGQANQAnAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F328-65EE-F383-030000000000}0x383f30HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F329-65EE-7A00-000000005203}4076C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQQB3AEEARwBRAEEAWgBRAEEAMwBBAEcATQBBAFoAZwBBADMAQQBHAFUAQQBMAFEAQQAwAEEARwBRAEEAWgBnAEEANABBAEMAMABBAE4AQQBCAGsAQQBHAFkAQQBOAGcAQQB0AEEARwBJAEEAWQBnAEEAMwBBAEcASQBBAEwAUQBCAGwAQQBEAE0AQQBZAGcAQgBsAEEARwBRAEEATgBRAEIAaABBAEQAUQBBAFkAUQBCAGoAQQBHAFEAQQBOAFEAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AEC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000185Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:53.181{C36AC009-F329-65EE-7A00-000000005203}4076C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQQB3AEEARwBRAEEAWgBRAEEAMwBBAEcATQBBAFoAZwBBADMAQQBHAFUAQQBMAFEAQQAwAEEARwBRAEEAWgBnAEEANABBAEMAMABBAE4AQQBCAGsAQQBHAFkAQQBOAGcAQQB0AEEARwBJAEEAWQBnAEEAMwBBAEcASQBBAEwAUQBCAGwAQQBEAE0AQQBZAGcAQgBsAEEARwBRAEEATgBRAEIAaABBAEQAUQBBAFkAUQBCAGoAQQBHAFEAQQBOAFEAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F328-65EE-F383-030000000000}0x383f30HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F329-65EE-7900-000000005203}4060C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQQB3AEEARwBRAEEAWgBRAEEAMwBBAEcATQBBAFoAZwBBADMAQQBHAFUAQQBMAFEAQQAwAEEARwBRAEEAWgBnAEEANABBAEMAMABBAE4AQQBCAGsAQQBHAFkAQQBOAGcAQQB0AEEARwBJAEEAWQBnAEEAMwBBAEcASQBBAEwAUQBCAGwAQQBEAE0AQQBZAGcAQgBsAEEARwBRAEEATgBRAEIAaABBAEQAUQBBAFkAUQBCAGoAQQBHAFEAQQBOAFEAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AEC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000184Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:53.176{C36AC009-F329-65EE-7900-000000005203}4060C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARQBrAEEAZABBAEIAbABBAEcAMABBAEkAQQBBAHQAQQBFAHcAQQBhAFEAQgAwAEEARwBVAEEAYwBnAEIAaABBAEcAdwBBAFUAQQBCAGgAQQBIAFEAQQBhAEEAQQBnAEEAQwBjAEEAUwBBAEIATABBAEUAdwBBAFQAUQBBADYAQQBGAHcAQQBVAHcAQgBQAEEARQBZAEEAVgBBAEIAWABBAEUARQBBAFUAZwBCAEYAQQBGAHcAQQBUAFEAQgBwAEEARwBNAEEAYwBnAEIAdgBBAEgATQBBAGIAdwBCAG0AQQBIAFEAQQBYAEEAQgBYAEEARwBrAEEAYgBnAEIAawBBAEcAOABBAGQAdwBCAHoAQQBDAEEAQQBUAGcAQgBVAEEARgB3AEEAUQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBGAHcAQQBWAHcAQgBwAEEARwA0AEEAYgBBAEIAdgBBAEcAYwBBAGIAdwBCAHUAQQBGAHcAQQBRAFEAQgAxAEEASABRAEEAYgB3AEIATQBBAEcAOABBAFoAdwBCAHYAQQBHADQAQQBRAHcAQgBvAEEARwBVAEEAWQB3AEIAcgBBAEcAVQBBAFoAQQBBAG4AQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEgAUQBBAGIAdwBCAHcAQQBEAHMAQQBJAEEAQQBuAEEASABNAEEAZABRAEIAagBBAEcATQBBAFoAUQBCAHoAQQBIAE0AQQBMAFEAQQB3AEEARwBRAEEAWgBRAEEAMwBBAEcATQBBAFoAZwBBADMAQQBHAFUAQQBMAFEAQQAwAEEARwBRAEEAWgBnAEEANABBAEMAMABBAE4AQQBCAGsAQQBHAFkAQQBOAGcAQQB0AEEARwBJAEEAWQBnAEEAMwBBAEcASQBBAEwAUQBCAGwAQQBEAE0AQQBZAGcAQgBsAEEARwBRAEEATgBRAEIAaABBAEQAUQBBAFkAUQBCAGoAQQBHAFEAQQBOAFEAQQBuAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F328-65EE-F383-030000000000}0x383f30HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F328-65EE-7700-000000005203}3936C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingEC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000183Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:52.959{C36AC009-F328-65EE-7700-000000005203}3936C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F328-65EE-F383-030000000000}0x383f30HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F320-65EE-0C00-000000005203}728C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x8000000000000000182Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:52.332{C36AC009-F328-65EE-7600-000000005203}3972C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{C36AC009-F320-65EE-1B00-000000005203}1948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000180Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:52.065{C36AC009-F328-65EE-7500-000000005203}3824C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAoAEcAZQB0AC0AQwBpAG0ASQBuAHMAdABhAG4AYwBlACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACAALQBQAHIAbwBwAGUAcgB0AHkAIABMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAKQAuAEwAYQBzAHQAQgBvAG8AdABVAHAAVABpAG0AZQAuAFQAbwBGAGkAbABlAFQAaQBtAGUAKAApAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F327-65EE-9D58-030000000000}0x3589d0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F327-65EE-7400-000000005203}2960C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AEC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000178Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:51.936{C36AC009-F327-65EE-7400-000000005203}2960C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F327-65EE-9D58-030000000000}0x3589d0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F327-65EE-7300-000000005203}3656C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AEC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000177Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:51.931{C36AC009-F327-65EE-7300-000000005203}3656C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F327-65EE-9D58-030000000000}0x3589d0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F327-65EE-7100-000000005203}3320C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingEC2AMAZ-I1DH4UO\Administrator 154100x8000000000000000176Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:51.704{C36AC009-F327-65EE-7100-000000005203}3320C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F327-65EE-9D58-030000000000}0x3589d0HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F320-65EE-0C00-000000005203}728C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x8000000000000000175Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:51.455{C36AC009-F327-65EE-6F00-000000005203}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-wmi.exe9.0.2Remote Performance monitor using WMIsplunk ApplicationSplunk Inc.splunk-wmi.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-wmi.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=EB621283B97C04335C867BE300509CDA,SHA256=84787BB13B2F2CA9C4B4475357249BFC24159D43023ADE984AA32E8CD06EABE6,IMPHASH=13FB2F4C20ED5B77A57401BC672A42F9{C36AC009-F320-65EE-1B00-000000005203}1948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000173Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:51.254{C36AC009-F327-65EE-6E00-000000005203}3448C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "Get-WinEvent -FilterHashtable @( @{ LogName='System'; ProviderName='Microsoft-Windows-Kernel-General'; Id=12; Level=4 }, @{ LogName='System'; ProviderName='Microsoft-Windows-WER-SystemErrorReporting'; Id=1001; Level=2 } ) | Sort-Object TimeCreated -Descending" "| Select-Object" "Id, Level, ProviderName, TimeCreated, Properties" "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F322-65EE-3300-000000005203}3012C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000171Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:50.949{C36AC009-F326-65EE-6D00-000000005203}3524C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "Get-CimInstance Win32_PnPEntity | Where-Object { $_.Service -eq 'xenvbd' }" "| Select-Object" DeviceID "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F322-65EE-3300-000000005203}3012C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000170Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:50.913{C36AC009-F326-65EE-6C00-000000005203}3492C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get OperatingSystemSKU /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F322-65EE-3300-000000005203}3012C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000168Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:50.553{C36AC009-F326-65EE-6B00-000000005203}3076C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "Get-ItemProperty -Path 'HKLM:\SOFTWARE\Amazon\AwsNitroEnclaves'" "| Select-Object" "Name, Version" "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F322-65EE-3300-000000005203}3012C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000167Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:50.450{C36AC009-F326-65EE-6A00-000000005203}2872C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\powershell2.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F320-65EE-1B00-000000005203}1948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000165Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:50.344{C36AC009-F326-65EE-6900-000000005203}4024C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\powershell.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F320-65EE-1B00-000000005203}1948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000164Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:50.331{C36AC009-F326-65EE-6800-000000005203}3992C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "Get-ItemProperty -Path 'HKLM:\SOFTWARE\Amazon\PVDriver'" "| Select-Object" "Name, Version" "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F322-65EE-3300-000000005203}3012C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000163Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:50.295{C36AC009-F326-65EE-6700-000000005203}3960C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get OperatingSystemSKU /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F322-65EE-3300-000000005203}3012C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000162Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:50.240{C36AC009-F326-65EE-6600-000000005203}3936C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\perfmon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F320-65EE-1B00-000000005203}1948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000161Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:50.124{C36AC009-F326-65EE-6500-000000005203}3912C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\admon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F320-65EE-1B00-000000005203}1948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000160Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:50.021{C36AC009-F326-65EE-6400-000000005203}3892C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinRegMon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F320-65EE-1B00-000000005203}1948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000154Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:49.911{C36AC009-F325-65EE-6300-000000005203}3800C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinPrintMon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F320-65EE-1B00-000000005203}1948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000153Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:49.881{C36AC009-F325-65EE-6200-000000005203}3768C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "Get-CimInstance Win32_OperatingSystem" "| Select-Object" "Version, OperatingSystemSKU" "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F322-65EE-3300-000000005203}3012C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000152Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:49.796{C36AC009-F325-65EE-6100-000000005203}3752C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinNetMon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F320-65EE-1B00-000000005203}1948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000151Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:49.690{C36AC009-F325-65EE-6000-000000005203}3732C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinHostMon.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F320-65EE-1B00-000000005203}1948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000150Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:49.582{C36AC009-F325-65EE-5F00-000000005203}3696C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinEventLog.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F320-65EE-1B00-000000005203}1948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000149Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:49.460{C36AC009-F325-65EE-5E00-000000005203}3676C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Program Files\SplunkUniversalForwarder\etc\system\bin\MonitorNoHandle.cmd" --scheme"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F320-65EE-1B00-000000005203}1948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000148Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:49.205{C36AC009-F325-65EE-5D00-000000005203}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe9.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal check-xml-files --answer-yes --no-prompt C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=DEFF9B3BAE9BDD4AD4A37FCE51DF1159,SHA256=96AE7337E6E16DE9AB57AFDC32E4E5367A2DD3696F8CF7844B0736FCE2309FE1,IMPHASH=84048A205A55F829D4D40558E477EAB7{C36AC009-F325-65EE-5C00-000000005203}3624C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal check-xml-files --answer-yes --no-prompt 2>&1NT AUTHORITY\SYSTEM 154100x8000000000000000147Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:49.202{C36AC009-F325-65EE-5C00-000000005203}3624C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal check-xml-files --answer-yes --no-prompt 2>&1C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F320-65EE-1B00-000000005203}1948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000146Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:49.158{C36AC009-F325-65EE-5B00-000000005203}3588C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F322-65EE-3300-000000005203}3012C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000145Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:49.119{C36AC009-F325-65EE-5A00-000000005203}3556C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F322-65EE-3300-000000005203}3012C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000144Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:49.080{C36AC009-F325-65EE-5900-000000005203}3520C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F322-65EE-3300-000000005203}3012C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000143Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:49.042{C36AC009-F325-65EE-5800-000000005203}3488C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F322-65EE-3300-000000005203}3012C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000142Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:48.978{C36AC009-F324-65EE-5700-000000005203}3468C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F324-65EE-5600-000000005203}3452C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list general --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000141Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:48.973{C36AC009-F324-65EE-5600-000000005203}3452C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F324-65EE-5500-000000005203}3440C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list general --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000140Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:48.969{C36AC009-F324-65EE-5500-000000005203}3440C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F323-65EE-3F00-000000005203}2984C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x8000000000000000138Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:48.746{C36AC009-F324-65EE-5400-000000005203}3392C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list replication_port --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F324-65EE-5300-000000005203}3372C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list replication_port --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000137Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:48.741{C36AC009-F324-65EE-5300-000000005203}3372C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list replication_port --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F324-65EE-5200-000000005203}3360C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list replication_port --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000136Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:48.737{C36AC009-F324-65EE-5200-000000005203}3360C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list replication_port --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F323-65EE-3F00-000000005203}2984C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x8000000000000000134Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:48.439{C36AC009-F324-65EE-5100-000000005203}3296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd" check-transforms-keysC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F323-65EE-3F00-000000005203}2984C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x8000000000000000133Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:48.160{C36AC009-F324-65EE-5000-000000005203}3200C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F322-65EE-3300-000000005203}3012C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000132Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:48.154{C36AC009-F324-65EE-4F00-000000005203}3180C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool validate-regex --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F324-65EE-4E00-000000005203}3160C:\Program Files\SplunkUniversalForwarder\bin\btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-regex --log-warningsNT AUTHORITY\SYSTEM 154100x8000000000000000131Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:48.150{C36AC009-F324-65EE-4E00-000000005203}3160C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-regex --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F323-65EE-3F00-000000005203}2984C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x8000000000000000130Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:48.122{C36AC009-F324-65EE-4D00-000000005203}3116C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F322-65EE-3300-000000005203}3012C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000129Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:48.116{C36AC009-F324-65EE-4C00-000000005203}3088C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get OperatingSystemSKU /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F322-65EE-3300-000000005203}3012C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000128Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:48.082{C36AC009-F324-65EE-4B00-000000005203}2680C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F322-65EE-3300-000000005203}3012C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000127Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:48.076{C36AC009-F324-65EE-4A00-000000005203}2676C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F322-65EE-3300-000000005203}3012C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000126Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:48.036{C36AC009-F324-65EE-4900-000000005203}2820C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F322-65EE-3300-000000005203}3012C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000125Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:48.032{C36AC009-F324-65EE-4800-000000005203}2680C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F322-65EE-3300-000000005203}3012C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000124Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:48.002{C36AC009-F324-65EE-4700-000000005203}2960C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'" "| Select-Object" "ProductName, BuildLabEx, CurrentMajorVersionNumber, CurrentMinorVersionNumber" "| ConvertTo-Json -Depth 3"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F322-65EE-3300-000000005203}3012C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000123Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:47.887{C36AC009-F323-65EE-4600-000000005203}2728C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool validate-strptime --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F323-65EE-4500-000000005203}2964C:\Program Files\SplunkUniversalForwarder\bin\btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-strptime --log-warningsNT AUTHORITY\SYSTEM 154100x8000000000000000122Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:47.882{C36AC009-F323-65EE-4500-000000005203}2964C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" validate-strptime --log-warningsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F323-65EE-3F00-000000005203}2984C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x8000000000000000120Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:47.548{C36AC009-F323-65EE-4400-000000005203}2820C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool check --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F323-65EE-4300-000000005203}2696C:\Program Files\SplunkUniversalForwarder\bin\btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" check --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000119Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:47.543{C36AC009-F323-65EE-4300-000000005203}2696C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exe"C:\Program Files\SplunkUniversalForwarder\bin\btool" check --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F323-65EE-3F00-000000005203}2984C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x8000000000000000118Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:47.300{C36AC009-F323-65EE-4100-000000005203}3044C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" check-licenseC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F323-65EE-3F00-000000005203}2984C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x8000000000000000117Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:47.065{C36AC009-F323-65EE-4000-000000005203}2992C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" generate-sslC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F323-65EE-3F00-000000005203}2984C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt NT AUTHORITY\SYSTEM 154100x8000000000000000116Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:47.056{C36AC009-F323-65EE-3F00-000000005203}2984C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe9.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=DEFF9B3BAE9BDD4AD4A37FCE51DF1159,SHA256=96AE7337E6E16DE9AB57AFDC32E4E5367A2DD3696F8CF7844B0736FCE2309FE1,IMPHASH=84048A205A55F829D4D40558E477EAB7{C36AC009-F323-65EE-3E00-000000005203}3020C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 2>&1NT AUTHORITY\SYSTEM 154100x8000000000000000115Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:47.052{C36AC009-F323-65EE-3E00-000000005203}3020C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal pre-flight-checks --answer-yes --no-prompt 2>&1C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F320-65EE-1B00-000000005203}1948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x8000000000000000114Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:46.844{C36AC009-F322-65EE-3C00-000000005203}2272C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get OperatingSystemSKU /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F322-65EE-3300-000000005203}3012C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000113Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:46.810{C36AC009-F322-65EE-3B00-000000005203}2832C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C36AC009-F322-65EE-3300-000000005203}3012C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000112Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:46.792{C36AC009-F322-65EE-3A00-000000005203}2872C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list sslConfig --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F322-65EE-3900-000000005203}2696C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list sslConfig --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000111Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:46.788{C36AC009-F322-65EE-3900-000000005203}2696C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list sslConfig --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F322-65EE-3800-000000005203}2680C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list sslConfig --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000110Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:46.783{C36AC009-F322-65EE-3800-000000005203}2680C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list sslConfig --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F321-65EE-2900-000000005203}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsNT AUTHORITY\SYSTEM 154100x8000000000000000109Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:46.528{C36AC009-F322-65EE-3300-000000005203}3012C:\Program Files\Amazon\SSM\ssm-agent-worker.exe-----"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=4879BCC8BDC7111CEC0BB841BE51CF62,SHA256=2AED2927F1D688B28F192E273B8CA203E23EDBCD80794FEA7C80A0A48729B20F,IMPHASH=4F2F006E2ECF7172AD368F8289DC96C1{C36AC009-F320-65EE-1A00-000000005203}1876C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe"C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000108Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:46.563{C36AC009-F322-65EE-3600-000000005203}3056C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list watchdog --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F322-65EE-3500-000000005203}3036C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list watchdog --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000107Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:46.558{C36AC009-F322-65EE-3500-000000005203}3036C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list watchdog --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F322-65EE-3400-000000005203}3024C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list watchdog --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000106Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:46.554{C36AC009-F322-65EE-3400-000000005203}3024C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list watchdog --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F321-65EE-2900-000000005203}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsNT AUTHORITY\SYSTEM 154100x8000000000000000105Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:46.327{C36AC009-F322-65EE-3200-000000005203}2992C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F322-65EE-3100-000000005203}2972C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list kvstore --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000104Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:46.322{C36AC009-F322-65EE-3100-000000005203}2972C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F322-65EE-3000-000000005203}2960C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list kvstore --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000103Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:46.317{C36AC009-F322-65EE-3000-000000005203}2960C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F321-65EE-2900-000000005203}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsNT AUTHORITY\SYSTEM 154100x8000000000000000102Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:46.086{C36AC009-F322-65EE-2F00-000000005203}2928C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F322-65EE-2E00-000000005203}2908C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list general --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000101Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:46.082{C36AC009-F322-65EE-2E00-000000005203}2908C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F322-65EE-2D00-000000005203}2896C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list general --no-logNT AUTHORITY\SYSTEM 154100x8000000000000000100Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:46.077{C36AC009-F322-65EE-2D00-000000005203}2896C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F321-65EE-2900-000000005203}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsNT AUTHORITY\SYSTEM 154100x800000000000000099Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:45.802{C36AC009-F321-65EE-2C00-000000005203}2856C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool web list settings --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F321-65EE-2B00-000000005203}2836C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool web list settings --no-logNT AUTHORITY\SYSTEM 154100x800000000000000098Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:45.796{C36AC009-F321-65EE-2B00-000000005203}2836C:\Program Files\SplunkUniversalForwarder\bin\btool.exe9.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool web list settings --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=4410485B99AA0128BD55EA88785BE977,SHA256=FD04E124BA1E19B288EF85F8FA8BD4457868AD5FB67E552B007EBDC663B931A5,IMPHASH=D7E7C7FB1023AE6F5D81B244992E7451{C36AC009-F321-65EE-2A00-000000005203}2824C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool web list settings --no-logNT AUTHORITY\SYSTEM 154100x800000000000000097Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:45.790{C36AC009-F321-65EE-2A00-000000005203}2824C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool web list settings --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F321-65EE-2900-000000005203}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsNT AUTHORITY\SYSTEM 154100x800000000000000096Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:45.779{C36AC009-F321-65EE-2900-000000005203}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe9.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=DEFF9B3BAE9BDD4AD4A37FCE51DF1159,SHA256=96AE7337E6E16DE9AB57AFDC32E4E5367A2DD3696F8CF7844B0736FCE2309FE1,IMPHASH=84048A205A55F829D4D40558E477EAB7{C36AC009-F321-65EE-2800-000000005203}2792C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsNT AUTHORITY\SYSTEM 154100x800000000000000095Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:45.775{C36AC009-F321-65EE-2800-000000005203}2792C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _internal_extra_splunkd_service_argsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F320-65EE-1B00-000000005203}1948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000094Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:45.726{C36AC009-F321-65EE-2600-000000005203}2736C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe9.0.2splunk Applicationsplunk ApplicationSplunk Inc.splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _RAW_envvarsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=DEFF9B3BAE9BDD4AD4A37FCE51DF1159,SHA256=96AE7337E6E16DE9AB57AFDC32E4E5367A2DD3696F8CF7844B0736FCE2309FE1,IMPHASH=84048A205A55F829D4D40558E477EAB7{C36AC009-F321-65EE-2400-000000005203}2680C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _RAW_envvarsNT AUTHORITY\SYSTEM 154100x800000000000000093Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:45.698{C36AC009-F321-65EE-2400-000000005203}2680C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" _RAW_envvarsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F320-65EE-1B00-000000005203}1948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x800000000000000090Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:44.737{C36AC009-F320-65EE-1B00-000000005203}1948C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe9.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=FFE02EF24AE4119AF74F852C0118252C,SHA256=B866CD55082E4EF818DE34C7A8B91BFA97B7A6C9836E772F2CDC5FF349724AA2,IMPHASH=24A074FE4890C0B4BDB70359092BFDA5{C36AC009-F31F-65EE-0A00-000000005203}624C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x800000000000000089Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:45.114{C36AC009-F321-65EE-2300-000000005203}2468C:\Windows\System32\wbem\unsecapp.exe10.0.14393.4169 (rs1_release.210107-1130)Sink to receive asynchronous callbacks for WMI client applicationMicrosoft® Windows® Operating SystemMicrosoft Corporationunsecapp.dllC:\Windows\system32\wbem\unsecapp.exe -EmbeddingC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=2443CA5962E2134CB389DCD5056D27AE,SHA256=018FF62BCDC292CF9290DB0574C8EF9C97EBC26933C8FC950DD8E6B2B91972FB,IMPHASH=A3CC49DF67C2278F822C9EBB9908BF09{C36AC009-F320-65EE-0C00-000000005203}728C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x800000000000000087Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:44.708{C36AC009-F320-65EE-1A00-000000005203}1876C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe-----"C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=18F5F49E0B2A693659A95AE3D42AD442,SHA256=1B08939946B6CF467DFF59D52EFAE0638ED50D7618CCB64827BA17922A24B232,IMPHASH=4F2F006E2ECF7172AD368F8289DC96C1{C36AC009-F31F-65EE-0A00-000000005203}624C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x800000000000000086Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:44.761{C36AC009-F320-65EE-1C00-000000005203}1984C:\Windows\sysmon64.exe15.14System activity monitorSysinternals SysmonSysinternals - www.sysinternals.com-C:\Windows\sysmon64.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=99C68A0A2EE8E42EBB52E1C84F80B730,SHA256=39B094613132377BC236F4AD940A3E02C544F86347C0179A9425EDC1BD3B85CD,IMPHASH=A039666F8D08DD16E0909469DA998438{C36AC009-F31F-65EE-0A00-000000005203}624C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x800000000000000085Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:44.781{C36AC009-F320-65EE-1E00-000000005203}1148C:\Windows\System32\svchost.exe10.0.14393.5582 (rs1_release.221130-1719)Host Process for Windows ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationsvchost.exeC:\Windows\System32\svchost.exe -k smbsvcsC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=83557C9B0E94FCB9D5181D928563991C,SHA256=11FAEB577FAF552BE4FF2275195CD0B3471228EE56C25D38DE5261BF87DF48BA,IMPHASH=9C33C8C3DCCAC65606FE5A9180D15924{C36AC009-F31F-65EE-0A00-000000005203}624C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x800000000000000084Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:44.705{C36AC009-F320-65EE-1900-000000005203}1868C:\Program Files\Amazon\XenTools\LiteAgent.exe1.0xenagentXENIFACEAmazon Inc.xenagent.exe"C:\Program Files\Amazon\XenTools\LiteAgent.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=3727559C2C2FE26EE668086FAF992815,SHA256=8130E7A850E0A088CB46F2595F7418CE9D73CE2F7750FC017ABC5CF3DED05F06,IMPHASH=C8B18E9A517CB77EA7AB3E7295D84FE8{C36AC009-F31F-65EE-0A00-000000005203}624C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x800000000000000083Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:44.678{C36AC009-F320-65EE-1800-000000005203}1764C:\Windows\System32\spoolsv.exe10.0.14393.6078 (rs1_release.230626-1747)Spooler SubSystem AppMicrosoft® Windows® Operating SystemMicrosoft Corporationspoolsv.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=578840E14C88B6DC95EBAC0D208F493C,SHA256=C391E5024F1B8FAB6DCD88BBE3B36F71FAE02DD815EA9273D9ACB247781955FB,IMPHASH=BDE05BF1A813EB07FFA212837CB0F528{C36AC009-F31F-65EE-0A00-000000005203}624C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x800000000000000077Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:44.447{C36AC009-F320-65EE-1400-000000005203}1092C:\Windows\System32\svchost.exe10.0.14393.5582 (rs1_release.221130-1719)Host Process for Windows ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationsvchost.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\NT AUTHORITY\LOCAL SERVICE{C36AC009-F320-65EE-E503-000000000000}0x3e50SystemMD5=83557C9B0E94FCB9D5181D928563991C,SHA256=11FAEB577FAF552BE4FF2275195CD0B3471228EE56C25D38DE5261BF87DF48BA,IMPHASH=9C33C8C3DCCAC65606FE5A9180D15924{C36AC009-F31F-65EE-0A00-000000005203}624C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x800000000000000076Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:44.328{C36AC009-F320-65EE-1100-000000005203}948C:\Windows\System32\svchost.exe10.0.14393.5582 (rs1_release.221130-1719)Host Process for Windows ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationsvchost.exeC:\Windows\System32\svchost.exe -k termsvcsC:\Windows\system32\NT AUTHORITY\NETWORK SERVICE{C36AC009-F320-65EE-E403-000000000000}0x3e40SystemMD5=83557C9B0E94FCB9D5181D928563991C,SHA256=11FAEB577FAF552BE4FF2275195CD0B3471228EE56C25D38DE5261BF87DF48BA,IMPHASH=9C33C8C3DCCAC65606FE5A9180D15924{C36AC009-F31F-65EE-0A00-000000005203}624C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x800000000000000075Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:44.323{C36AC009-F320-65EE-0F00-000000005203}900C:\Windows\System32\dwm.exe10.0.14393.0 (rs1_release.160715-1616)Desktop Window ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationdwm.exe"dwm.exe"C:\Windows\system32\Window Manager\DWM-1{C36AC009-F320-65EE-B4A9-000000000000}0xa9b41SystemMD5=C89F159A577F19F7F03C73C98D29D841,SHA256=B3E37997C1C62DD90D69EF83D6A6FC782BF9A5B8AD04A0D1528A8B7FA31AA408,IMPHASH=DDB7DE3741333EE031929A760FCD4542{C36AC009-F31F-65EE-0900-000000005203}552C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x800000000000000074Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:44.321{C36AC009-F320-65EE-0E00-000000005203}892C:\Windows\System32\LogonUI.exe10.0.14393.0 (rs1_release.160715-1616)Windows Logon User Interface HostMicrosoft® Windows® Operating SystemMicrosoft Corporationlogonui.exe"LogonUI.exe" /flags:0x2 /state0:0xa3bbb855 /state1:0x41c64e6dC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e71SystemMD5=B38DFCF985D8AE5B1A17C264981E61C7,SHA256=AA62D29803D52EC06CD27ED3124E034048F09606EB7342181913C9817C7B44C5,IMPHASH=A6F3A84D171E55B51A7343E05C8DFAC3{C36AC009-F31F-65EE-0900-000000005203}552C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x800000000000000073Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:44.040{C36AC009-F320-65EE-0C00-000000005203}728C:\Windows\System32\svchost.exe10.0.14393.5582 (rs1_release.221130-1719)Host Process for Windows ServicesMicrosoft® Windows® Operating SystemMicrosoft Corporationsvchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=83557C9B0E94FCB9D5181D928563991C,SHA256=11FAEB577FAF552BE4FF2275195CD0B3471228EE56C25D38DE5261BF87DF48BA,IMPHASH=9C33C8C3DCCAC65606FE5A9180D15924{C36AC009-F31F-65EE-0A00-000000005203}624C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 154100x800000000000000071Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:43.719{C36AC009-F31F-65EE-0B00-000000005203}632C:\Windows\System32\lsass.exe10.0.14393.4704 (rs1_release.211004-1917)Local Security Authority ProcessMicrosoft® Windows® Operating SystemMicrosoft Corporationlsass.exeC:\Windows\system32\lsass.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=93212FD52A9CD5ADDAD2FD2A779355D2,SHA256=95888DAEFD187FAC9C979387F75FF3628548E7DDF5D70AD489CF996B9CAD7193,IMPHASH=D6BD93CD721B30625A910C53F829499B{C36AC009-F31F-65EE-0700-000000005203}488C:\Windows\System32\wininit.exewininit.exeNT AUTHORITY\SYSTEM 154100x800000000000000070Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:43.674{C36AC009-F31F-65EE-0A00-000000005203}624C:\Windows\System32\services.exe10.0.14393.4169 (rs1_release.210107-1130)Services and Controller appMicrosoft® Windows® Operating SystemMicrosoft Corporationservices.exeC:\Windows\system32\services.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=FEFC26105685C70D7260170489B5B520,SHA256=930F44F9A599937BDB23CF0C7EA4D158991B837D2A0975C15686CDD4198808E8,IMPHASH=A1C9FD59764D67AA201947276212F7CF{C36AC009-F31F-65EE-0700-000000005203}488C:\Windows\System32\wininit.exewininit.exeNT AUTHORITY\SYSTEM 154100x800000000000000069Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:43.496{C36AC009-F31F-65EE-0900-000000005203}552C:\Windows\System32\winlogon.exe10.0.14393.3204 (rs1_release.190830-1500)Windows Logon ApplicationMicrosoft® Windows® Operating SystemMicrosoft CorporationWINLOGON.EXEwinlogon.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e71SystemMD5=DEA4CE12F24601830083126E18A2C7C9,SHA256=F002F8C2EA49D21F242996E3D57F5FDD7995FE6DB524BB69BBD7F190CC0211A9,IMPHASH=3CF10D94C117DB4F6E9D523B93429D6D{C36AC009-F31F-65EE-0600-000000005203}480C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e0 0000007c NT AUTHORITY\SYSTEM 154100x800000000000000068Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:43.463{C36AC009-F31F-65EE-0700-000000005203}488C:\Windows\System32\wininit.exe10.0.14393.5582 (rs1_release.221130-1719)Windows Start-Up ApplicationMicrosoft® Windows® Operating SystemMicrosoft CorporationWinInit.exewininit.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=BF2E08F50F3E361EA04CC57147728352,SHA256=059966B74A344FB6347E4DC9478FC1E8760CC2EA3B63B552D10EBBB933B78D05,IMPHASH=C8D526C4E61942E1B11AE4B7EE2DDE5D{C36AC009-F31F-65EE-0400-000000005203}408C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b8 0000007c NT AUTHORITY\SYSTEM 154100x800000000000000067Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:43.466{C36AC009-F31F-65EE-0800-000000005203}496C:\Windows\System32\csrss.exe10.0.14393.2969 (rs1_release.190503-1820)Client Server Runtime ProcessMicrosoft® Windows® Operating SystemMicrosoft CorporationCSRSS.Exe%%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e71SystemMD5=955E9227AA30A08B7465C109B863B886,SHA256=D896480BC8523FAD3AE152C81A2B572022C3778A34A6D85E089D150A68E9165E,IMPHASH=273BC9D936389D79244E6E56BE5096B6{C36AC009-F31F-65EE-0600-000000005203}480C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000e0 0000007c NT AUTHORITY\SYSTEM 154100x800000000000000066Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:43.461{C36AC009-F31F-65EE-0600-000000005203}480C:\Windows\System32\smss.exe10.0.14393.2969 (rs1_release.190503-1820)Windows Session ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationsmss.exe\SystemRoot\System32\smss.exe 000000e0 0000007c C:\Windows\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e71SystemMD5=725EC50D4B0F607BF5B45B5E0115770B,SHA256=56881BCAEAC350107A6453F38F020FE0E284DBE2E8A6F37ED482985E0DD98EA7,IMPHASH=09DDECA5943933973FE7DDDD24ED724A{C36AC009-F31E-65EE-0200-000000005203}324C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exeNT AUTHORITY\SYSTEM 154100x800000000000000065Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:43.344{C36AC009-F31F-65EE-0500-000000005203}416C:\Windows\System32\csrss.exe10.0.14393.2969 (rs1_release.190503-1820)Client Server Runtime ProcessMicrosoft® Windows® Operating SystemMicrosoft CorporationCSRSS.Exe%%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=955E9227AA30A08B7465C109B863B886,SHA256=D896480BC8523FAD3AE152C81A2B572022C3778A34A6D85E089D150A68E9165E,IMPHASH=273BC9D936389D79244E6E56BE5096B6{C36AC009-F31F-65EE-0400-000000005203}408C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000b8 0000007c NT AUTHORITY\SYSTEM 154100x800000000000000064Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:43.242{C36AC009-F31F-65EE-0400-000000005203}408C:\Windows\System32\smss.exe10.0.14393.2969 (rs1_release.190503-1820)Windows Session ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationsmss.exe\SystemRoot\System32\smss.exe 000000b8 0000007c C:\Windows\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=725EC50D4B0F607BF5B45B5E0115770B,SHA256=56881BCAEAC350107A6453F38F020FE0E284DBE2E8A6F37ED482985E0DD98EA7,IMPHASH=09DDECA5943933973FE7DDDD24ED724A{C36AC009-F31E-65EE-0200-000000005203}324C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exeNT AUTHORITY\SYSTEM 154100x800000000000000063Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:42.712{C36AC009-F31E-65EE-0300-000000005203}364C:\Windows\System32\autochk.exe10.0.14393.4350 (rs1_release.210407-2154)Auto Check UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationAutoChk.Exe\??\C:\Windows\system32\autochk.exe /q /v *C:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F31F-65EE-E703-000000000000}0x3e70SystemMD5=A512733E2C767F87A8029400B4A48CD0,SHA256=1ED75EB59C2897304E0160E0605071178418802C31910D78A2076B0414047875,IMPHASH=1BF5E4792E849FE3BCFE23E7C1B21A3F{C36AC009-F31E-65EE-0200-000000005203}324C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exeNT AUTHORITY\SYSTEM 154100x800000000000000059Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:29.765{C36AC009-F311-65EE-F204-000000005103}3240C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAoAEcAZQB0AC0AQwBpAG0ASQBuAHMAdABhAG4AYwBlACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACAALQBQAHIAbwBwAGUAcgB0AHkAIABMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAKQAuAEwAYQBzAHQAQgBvAG8AdABVAHAAVABpAG0AZQAuAFQAbwBGAGkAbABlAFQAaQBtAGUAKAApAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F311-65EE-02AB-210000000000}0x21ab020HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F311-65EE-F104-000000005103}3152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AEC2AMAZ-I1DH4UO\Administrator 154100x800000000000000057Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:29.655{C36AC009-F311-65EE-F104-000000005103}3152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F311-65EE-02AB-210000000000}0x21ab020HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F311-65EE-F004-000000005103}2544C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AEC2AMAZ-I1DH4UO\Administrator 154100x800000000000000056Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:29.650{C36AC009-F311-65EE-F004-000000005103}2544C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F311-65EE-02AB-210000000000}0x21ab020HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F311-65EE-EE04-000000005103}3436C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingEC2AMAZ-I1DH4UO\Administrator 154100x800000000000000055Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:29.432{C36AC009-F311-65EE-EE04-000000005103}3436C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F311-65EE-02AB-210000000000}0x21ab020HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F11F-65EE-0C00-000000005103}724C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x800000000000000054Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:28.571{C36AC009-F310-65EE-ED04-000000005103}3604C:\Windows\System32\shutdown.exe10.0.14393.0 (rs1_release.160715-1616)Windows Shutdown and Annotation ToolMicrosoft® Windows® Operating SystemMicrosoft CorporationSHUTDOWN.EXE"C:\Windows\system32\shutdown.exe" /r /t 2 /c "Reboot initiated by Ansible"C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F30F-65EE-1064-210000000000}0x2164100HighMD5=547993395376742A437D3145AF6B0309,SHA256=F96073C3442EA0A99B4945394007602772DB36732D1511DC2068519526678F8A,IMPHASH=609F1D7580ED496A3076AEBA77DAFC7E{C36AC009-F310-65EE-EC04-000000005103}2460C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAQwBvAG4AdABpAG4AdQBlACcACgBpAGYAIAAoACQAVAByAHUAZQApACAAewAKAFIAZQBtAG8AdgBlAC0ASQB0AGUAbQAgAC0ATABpAHQAZQByAGEAbABQAGEAdABoACAAJwBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABOAFQAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABXAGkAbgBsAG8AZwBvAG4AXABBAHUAdABvAEwAbwBnAG8AbgBDAGgAZQBjAGsAZQBkACcAIAAtAEYAbwByAGMAZQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAKAH0ACgAkAHMAdABkAG8AdQB0ACAAPQAgACQAbgB1AGwAbAAKACQAcwB0AGQAZQByAHIAIAA9ACAALgAgAHsAIABzAGgAdQB0AGQAbwB3AG4ALgBlAHgAZQAgAC8AcgAgAC8AdAAgADIAIAAvAGMAIAAnAFIAZQBiAG8AbwB0ACAAaQBuAGkAdABpAGEAdABlAGQAIABiAHkAIABBAG4AcwBpAGIAbABlACcAIAB8ACAAUwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABzAHQAZABvAHUAdAAgAH0AIAAyAD4AJgAxACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAFQAbwBTAHQAcgBpAG4AZwAKAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgAgAC0AQwBvAG0AcAByAGUAcwBzACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIABAAHsACgBzAHQAZABvAHUAdAAgAD0AIAAoAEAAKAAkAHMAdABkAG8AdQB0ACkAIAAtAGoAbwBpAG4AIAAiAGAAbgAiACkACgBzAHQAZABlAHIAcgAgAD0AIAAoAEAAKAAkAHMAdABkAGUAcgByACkAIAAtAGoAbwBpAG4AIAAiAGAAbgAiACkACgByAGMAIAA9ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAKAH0ACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0AEC2AMAZ-I1DH4UO\Administrator 154100x800000000000000052Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:28.388{C36AC009-F310-65EE-EC04-000000005103}2460C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACcAQwBvAG4AdABpAG4AdQBlACcACgBpAGYAIAAoACQAVAByAHUAZQApACAAewAKAFIAZQBtAG8AdgBlAC0ASQB0AGUAbQAgAC0ATABpAHQAZQByAGEAbABQAGEAdABoACAAJwBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABOAFQAXABDAHUAcgByAGUAbgB0AFYAZQByAHMAaQBvAG4AXABXAGkAbgBsAG8AZwBvAG4AXABBAHUAdABvAEwAbwBnAG8AbgBDAGgAZQBjAGsAZQBkACcAIAAtAEYAbwByAGMAZQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAKAH0ACgAkAHMAdABkAG8AdQB0ACAAPQAgACQAbgB1AGwAbAAKACQAcwB0AGQAZQByAHIAIAA9ACAALgAgAHsAIABzAGgAdQB0AGQAbwB3AG4ALgBlAHgAZQAgAC8AcgAgAC8AdAAgADIAIAAvAGMAIAAnAFIAZQBiAG8AbwB0ACAAaQBuAGkAdABpAGEAdABlAGQAIABiAHkAIABBAG4AcwBpAGIAbABlACcAIAB8ACAAUwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABzAHQAZABvAHUAdAAgAH0AIAAyAD4AJgAxACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAFQAbwBTAHQAcgBpAG4AZwAKAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgAgAC0AQwBvAG0AcAByAGUAcwBzACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIABAAHsACgBzAHQAZABvAHUAdAAgAD0AIAAoAEAAKAAkAHMAdABkAG8AdQB0ACkAIAAtAGoAbwBpAG4AIAAiAGAAbgAiACkACgBzAHQAZABlAHIAcgAgAD0AIAAoAEAAKAAkAHMAdABkAGUAcgByACkAIAAtAGoAbwBpAG4AIAAiAGAAbgAiACkACgByAGMAIAA9ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAKAH0ACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0AC:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F30F-65EE-1064-210000000000}0x2164100HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F310-65EE-EB04-000000005103}3488C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgBRAEEASABJAEEAWgBRAEIAbQBBAEcAVQBBAGMAZwBCAGwAQQBHADQAQQBZAHcAQgBsAEEAQwBBAEEAUABRAEEAZwBBAEMAYwBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAYwBBAEMAZwBCAHAAQQBHAFkAQQBJAEEAQQBvAEEAQwBRAEEAVgBBAEIAeQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBLAEEARgBJAEEAWgBRAEIAdABBAEcAOABBAGQAZwBCAGwAQQBDADAAQQBTAFEAQgAwAEEARwBVAEEAYgBRAEEAZwBBAEMAMABBAFQAQQBCAHAAQQBIAFEAQQBaAFEAQgB5AEEARwBFAEEAYgBBAEIAUQBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBKAHcAQgBJAEEARQBzAEEAVABBAEIATgBBAEQAbwBBAFgAQQBCAFQAQQBFADgAQQBSAGcAQgBVAEEARgBjAEEAUQBRAEIAUwBBAEUAVQBBAFgAQQBCAE4AQQBHAGsAQQBZAHcAQgB5AEEARwA4AEEAYwB3AEIAdgBBAEcAWQBBAGQAQQBCAGMAQQBGAGMAQQBhAFEAQgB1AEEARwBRAEEAYgB3AEIAMwBBAEgATQBBAEkAQQBCAE8AQQBGAFEAQQBYAEEAQgBEAEEASABVAEEAYwBnAEIAeQBBAEcAVQBBAGIAZwBCADAAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAQQBCAFgAQQBHAGsAQQBiAGcAQgBzAEEARwA4AEEAWgB3AEIAdgBBAEcANABBAFgAQQBCAEIAQQBIAFUAQQBkAEEAQgB2AEEARQB3AEEAYgB3AEIAbgBBAEcAOABBAGIAZwBCAEQAQQBHAGcAQQBaAFEAQgBqAEEARwBzAEEAWgBRAEIAawBBAEMAYwBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAEsAQQBIADAAQQBDAGcAQQBrAEEASABNAEEAZABBAEIAawBBAEcAOABBAGQAUQBCADAAQQBDAEEAQQBQAFEAQQBnAEEAQwBRAEEAYgBnAEIAMQBBAEcAdwBBAGIAQQBBAEsAQQBDAFEAQQBjAHcAQgAwAEEARwBRAEEAWgBRAEIAeQBBAEgASQBBAEkAQQBBADkAQQBDAEEAQQBMAGcAQQBnAEEASABzAEEASQBBAEIAegBBAEcAZwBBAGQAUQBCADAAQQBHAFEAQQBiAHcAQgAzAEEARwA0AEEATABnAEIAbABBAEgAZwBBAFoAUQBBAGcAQQBDADgAQQBjAGcAQQBnAEEAQwA4AEEAZABBAEEAZwBBAEQASQBBAEkAQQBBAHYAQQBHAE0AQQBJAEEAQQBuAEEARgBJAEEAWgBRAEIAaQBBAEcAOABBAGIAdwBCADAAQQBDAEEAQQBhAFEAQgB1AEEARwBrAEEAZABBAEIAcABBAEcARQBBAGQAQQBCAGwAQQBHAFEAQQBJAEEAQgBpAEEASABrAEEASQBBAEIAQgBBAEcANABBAGMAdwBCAHAAQQBHAEkAQQBiAEEAQgBsAEEAQwBjAEEASQBBAEIAOABBAEMAQQBBAFUAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgB6AEEASABRAEEAWgBBAEIAdgBBAEgAVQBBAGQAQQBBAGcAQQBIADAAQQBJAEEAQQB5AEEARAA0AEEASgBnAEEAeABBAEMAQQBBAGYAQQBBAGcAQQBFAFkAQQBiAHcAQgB5AEEARQBVAEEAWQBRAEIAagBBAEcAZwBBAEwAUQBCAFAAQQBHAEkAQQBhAGcAQgBsAEEARwBNAEEAZABBAEEAZwBBAEYAUQBBAGIAdwBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwA0AEEAWgB3AEEASwBBAEUATQBBAGIAdwBCAHUAQQBIAFkAQQBaAFEAQgB5AEEASABRAEEAVgBBAEIAdgBBAEMAMABBAFMAZwBCAHoAQQBHADgAQQBiAGcAQQBnAEEAQwAwAEEAUQB3AEIAdgBBAEcAMABBAGMAQQBCAHkAQQBHAFUAQQBjAHcAQgB6AEEAQwBBAEEATABRAEIASgBBAEcANABBAGMAQQBCADEAQQBIAFEAQQBUAHcAQgBpAEEARwBvAEEAWgBRAEIAagBBAEgAUQBBAEkAQQBCAEEAQQBIAHMAQQBDAGcAQgB6AEEASABRAEEAWgBBAEIAdgBBAEgAVQBBAGQAQQBBAGcAQQBEADAAQQBJAEEAQQBvAEEARQBBAEEASwBBAEEAawBBAEgATQBBAGQAQQBCAGsAQQBHADgAQQBkAFEAQgAwAEEAQwBrAEEASQBBAEEAdABBAEcAbwBBAGIAdwBCAHAAQQBHADQAQQBJAEEAQQBpAEEARwBBAEEAYgBnAEEAaQBBAEMAawBBAEMAZwBCAHoAQQBIAFEAQQBaAEEAQgBsAEEASABJAEEAYwBnAEEAZwBBAEQAMABBAEkAQQBBAG8AQQBFAEEAQQBLAEEAQQBrAEEASABNAEEAZABBAEIAawBBAEcAVQBBAGMAZwBCAHkAQQBDAGsAQQBJAEEAQQB0AEEARwBvAEEAYgB3AEIAcABBAEcANABBAEkAQQBBAGkAQQBHAEEAQQBiAGcAQQBpAEEAQwBrAEEAQwBnAEIAeQBBAEcATQBBAEkAQQBBADkAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEASwBBAEgAMABBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==EC2AMAZ-I1DH4UO\Administrator 154100x800000000000000050Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:28.278{C36AC009-F310-65EE-EB04-000000005103}3488C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgBRAEEASABJAEEAWgBRAEIAbQBBAEcAVQBBAGMAZwBCAGwAQQBHADQAQQBZAHcAQgBsAEEAQwBBAEEAUABRAEEAZwBBAEMAYwBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAYwBBAEMAZwBCAHAAQQBHAFkAQQBJAEEAQQBvAEEAQwBRAEEAVgBBAEIAeQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBLAEEARgBJAEEAWgBRAEIAdABBAEcAOABBAGQAZwBCAGwAQQBDADAAQQBTAFEAQgAwAEEARwBVAEEAYgBRAEEAZwBBAEMAMABBAFQAQQBCAHAAQQBIAFEAQQBaAFEAQgB5AEEARwBFAEEAYgBBAEIAUQBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBKAHcAQgBJAEEARQBzAEEAVABBAEIATgBBAEQAbwBBAFgAQQBCAFQAQQBFADgAQQBSAGcAQgBVAEEARgBjAEEAUQBRAEIAUwBBAEUAVQBBAFgAQQBCAE4AQQBHAGsAQQBZAHcAQgB5AEEARwA4AEEAYwB3AEIAdgBBAEcAWQBBAGQAQQBCAGMAQQBGAGMAQQBhAFEAQgB1AEEARwBRAEEAYgB3AEIAMwBBAEgATQBBAEkAQQBCAE8AQQBGAFEAQQBYAEEAQgBEAEEASABVAEEAYwBnAEIAeQBBAEcAVQBBAGIAZwBCADAAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAQQBCAFgAQQBHAGsAQQBiAGcAQgBzAEEARwA4AEEAWgB3AEIAdgBBAEcANABBAFgAQQBCAEIAQQBIAFUAQQBkAEEAQgB2AEEARQB3AEEAYgB3AEIAbgBBAEcAOABBAGIAZwBCAEQAQQBHAGcAQQBaAFEAQgBqAEEARwBzAEEAWgBRAEIAawBBAEMAYwBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAEsAQQBIADAAQQBDAGcAQQBrAEEASABNAEEAZABBAEIAawBBAEcAOABBAGQAUQBCADAAQQBDAEEAQQBQAFEAQQBnAEEAQwBRAEEAYgBnAEIAMQBBAEcAdwBBAGIAQQBBAEsAQQBDAFEAQQBjAHcAQgAwAEEARwBRAEEAWgBRAEIAeQBBAEgASQBBAEkAQQBBADkAQQBDAEEAQQBMAGcAQQBnAEEASABzAEEASQBBAEIAegBBAEcAZwBBAGQAUQBCADAAQQBHAFEAQQBiAHcAQgAzAEEARwA0AEEATABnAEIAbABBAEgAZwBBAFoAUQBBAGcAQQBDADgAQQBjAGcAQQBnAEEAQwA4AEEAZABBAEEAZwBBAEQASQBBAEkAQQBBAHYAQQBHAE0AQQBJAEEAQQBuAEEARgBJAEEAWgBRAEIAaQBBAEcAOABBAGIAdwBCADAAQQBDAEEAQQBhAFEAQgB1AEEARwBrAEEAZABBAEIAcABBAEcARQBBAGQAQQBCAGwAQQBHAFEAQQBJAEEAQgBpAEEASABrAEEASQBBAEIAQgBBAEcANABBAGMAdwBCAHAAQQBHAEkAQQBiAEEAQgBsAEEAQwBjAEEASQBBAEIAOABBAEMAQQBBAFUAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgB6AEEASABRAEEAWgBBAEIAdgBBAEgAVQBBAGQAQQBBAGcAQQBIADAAQQBJAEEAQQB5AEEARAA0AEEASgBnAEEAeABBAEMAQQBBAGYAQQBBAGcAQQBFAFkAQQBiAHcAQgB5AEEARQBVAEEAWQBRAEIAagBBAEcAZwBBAEwAUQBCAFAAQQBHAEkAQQBhAGcAQgBsAEEARwBNAEEAZABBAEEAZwBBAEYAUQBBAGIAdwBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwA0AEEAWgB3AEEASwBBAEUATQBBAGIAdwBCAHUAQQBIAFkAQQBaAFEAQgB5AEEASABRAEEAVgBBAEIAdgBBAEMAMABBAFMAZwBCAHoAQQBHADgAQQBiAGcAQQBnAEEAQwAwAEEAUQB3AEIAdgBBAEcAMABBAGMAQQBCAHkAQQBHAFUAQQBjAHcAQgB6AEEAQwBBAEEATABRAEIASgBBAEcANABBAGMAQQBCADEAQQBIAFEAQQBUAHcAQgBpAEEARwBvAEEAWgBRAEIAagBBAEgAUQBBAEkAQQBCAEEAQQBIAHMAQQBDAGcAQgB6AEEASABRAEEAWgBBAEIAdgBBAEgAVQBBAGQAQQBBAGcAQQBEADAAQQBJAEEAQQBvAEEARQBBAEEASwBBAEEAawBBAEgATQBBAGQAQQBCAGsAQQBHADgAQQBkAFEAQgAwAEEAQwBrAEEASQBBAEEAdABBAEcAbwBBAGIAdwBCAHAAQQBHADQAQQBJAEEAQQBpAEEARwBBAEEAYgBnAEEAaQBBAEMAawBBAEMAZwBCAHoAQQBIAFEAQQBaAEEAQgBsAEEASABJAEEAYwBnAEEAZwBBAEQAMABBAEkAQQBBAG8AQQBFAEEAQQBLAEEAQQBrAEEASABNAEEAZABBAEIAawBBAEcAVQBBAGMAZwBCAHkAQQBDAGsAQQBJAEEAQQB0AEEARwBvAEEAYgB3AEIAcABBAEcANABBAEkAQQBBAGkAQQBHAEEAQQBiAGcAQQBpAEEAQwBrAEEAQwBnAEIAeQBBAEcATQBBAEkAQQBBADkAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEASwBBAEgAMABBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F30F-65EE-1064-210000000000}0x2164100HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F310-65EE-EA04-000000005103}2964C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgBRAEEASABJAEEAWgBRAEIAbQBBAEcAVQBBAGMAZwBCAGwAQQBHADQAQQBZAHcAQgBsAEEAQwBBAEEAUABRAEEAZwBBAEMAYwBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAYwBBAEMAZwBCAHAAQQBHAFkAQQBJAEEAQQBvAEEAQwBRAEEAVgBBAEIAeQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBLAEEARgBJAEEAWgBRAEIAdABBAEcAOABBAGQAZwBCAGwAQQBDADAAQQBTAFEAQgAwAEEARwBVAEEAYgBRAEEAZwBBAEMAMABBAFQAQQBCAHAAQQBIAFEAQQBaAFEAQgB5AEEARwBFAEEAYgBBAEIAUQBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBKAHcAQgBJAEEARQBzAEEAVABBAEIATgBBAEQAbwBBAFgAQQBCAFQAQQBFADgAQQBSAGcAQgBVAEEARgBjAEEAUQBRAEIAUwBBAEUAVQBBAFgAQQBCAE4AQQBHAGsAQQBZAHcAQgB5AEEARwA4AEEAYwB3AEIAdgBBAEcAWQBBAGQAQQBCAGMAQQBGAGMAQQBhAFEAQgB1AEEARwBRAEEAYgB3AEIAMwBBAEgATQBBAEkAQQBCAE8AQQBGAFEAQQBYAEEAQgBEAEEASABVAEEAYwBnAEIAeQBBAEcAVQBBAGIAZwBCADAAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAQQBCAFgAQQBHAGsAQQBiAGcAQgBzAEEARwA4AEEAWgB3AEIAdgBBAEcANABBAFgAQQBCAEIAQQBIAFUAQQBkAEEAQgB2AEEARQB3AEEAYgB3AEIAbgBBAEcAOABBAGIAZwBCAEQAQQBHAGcAQQBaAFEAQgBqAEEARwBzAEEAWgBRAEIAawBBAEMAYwBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAEsAQQBIADAAQQBDAGcAQQBrAEEASABNAEEAZABBAEIAawBBAEcAOABBAGQAUQBCADAAQQBDAEEAQQBQAFEAQQBnAEEAQwBRAEEAYgBnAEIAMQBBAEcAdwBBAGIAQQBBAEsAQQBDAFEAQQBjAHcAQgAwAEEARwBRAEEAWgBRAEIAeQBBAEgASQBBAEkAQQBBADkAQQBDAEEAQQBMAGcAQQBnAEEASABzAEEASQBBAEIAegBBAEcAZwBBAGQAUQBCADAAQQBHAFEAQQBiAHcAQgAzAEEARwA0AEEATABnAEIAbABBAEgAZwBBAFoAUQBBAGcAQQBDADgAQQBjAGcAQQBnAEEAQwA4AEEAZABBAEEAZwBBAEQASQBBAEkAQQBBAHYAQQBHAE0AQQBJAEEAQQBuAEEARgBJAEEAWgBRAEIAaQBBAEcAOABBAGIAdwBCADAAQQBDAEEAQQBhAFEAQgB1AEEARwBrAEEAZABBAEIAcABBAEcARQBBAGQAQQBCAGwAQQBHAFEAQQBJAEEAQgBpAEEASABrAEEASQBBAEIAQgBBAEcANABBAGMAdwBCAHAAQQBHAEkAQQBiAEEAQgBsAEEAQwBjAEEASQBBAEIAOABBAEMAQQBBAFUAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgB6AEEASABRAEEAWgBBAEIAdgBBAEgAVQBBAGQAQQBBAGcAQQBIADAAQQBJAEEAQQB5AEEARAA0AEEASgBnAEEAeABBAEMAQQBBAGYAQQBBAGcAQQBFAFkAQQBiAHcAQgB5AEEARQBVAEEAWQBRAEIAagBBAEcAZwBBAEwAUQBCAFAAQQBHAEkAQQBhAGcAQgBsAEEARwBNAEEAZABBAEEAZwBBAEYAUQBBAGIAdwBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwA0AEEAWgB3AEEASwBBAEUATQBBAGIAdwBCAHUAQQBIAFkAQQBaAFEAQgB5AEEASABRAEEAVgBBAEIAdgBBAEMAMABBAFMAZwBCAHoAQQBHADgAQQBiAGcAQQBnAEEAQwAwAEEAUQB3AEIAdgBBAEcAMABBAGMAQQBCAHkAQQBHAFUAQQBjAHcAQgB6AEEAQwBBAEEATABRAEIASgBBAEcANABBAGMAQQBCADEAQQBIAFEAQQBUAHcAQgBpAEEARwBvAEEAWgBRAEIAagBBAEgAUQBBAEkAQQBCAEEAQQBIAHMAQQBDAGcAQgB6AEEASABRAEEAWgBBAEIAdgBBAEgAVQBBAGQAQQBBAGcAQQBEADAAQQBJAEEAQQBvAEEARQBBAEEASwBBAEEAawBBAEgATQBBAGQAQQBCAGsAQQBHADgAQQBkAFEAQgAwAEEAQwBrAEEASQBBAEEAdABBAEcAbwBBAGIAdwBCAHAAQQBHADQAQQBJAEEAQQBpAEEARwBBAEEAYgBnAEEAaQBBAEMAawBBAEMAZwBCAHoAQQBIAFEAQQBaAEEAQgBsAEEASABJAEEAYwBnAEEAZwBBAEQAMABBAEkAQQBBAG8AQQBFAEEAQQBLAEEAQQBrAEEASABNAEEAZABBAEIAawBBAEcAVQBBAGMAZwBCAHkAQQBDAGsAQQBJAEEAQQB0AEEARwBvAEEAYgB3AEIAcABBAEcANABBAEkAQQBBAGkAQQBHAEEAQQBiAGcAQQBpAEEAQwBrAEEAQwBnAEIAeQBBAEcATQBBAEkAQQBBADkAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEASwBBAEgAMABBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==EC2AMAZ-I1DH4UO\Administrator 154100x800000000000000049Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:28.273{C36AC009-F310-65EE-EA04-000000005103}2964C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgBRAEEASABJAEEAWgBRAEIAbQBBAEcAVQBBAGMAZwBCAGwAQQBHADQAQQBZAHcAQgBsAEEAQwBBAEEAUABRAEEAZwBBAEMAYwBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAYwBBAEMAZwBCAHAAQQBHAFkAQQBJAEEAQQBvAEEAQwBRAEEAVgBBAEIAeQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBLAEEARgBJAEEAWgBRAEIAdABBAEcAOABBAGQAZwBCAGwAQQBDADAAQQBTAFEAQgAwAEEARwBVAEEAYgBRAEEAZwBBAEMAMABBAFQAQQBCAHAAQQBIAFEAQQBaAFEAQgB5AEEARwBFAEEAYgBBAEIAUQBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBKAHcAQgBJAEEARQBzAEEAVABBAEIATgBBAEQAbwBBAFgAQQBCAFQAQQBFADgAQQBSAGcAQgBVAEEARgBjAEEAUQBRAEIAUwBBAEUAVQBBAFgAQQBCAE4AQQBHAGsAQQBZAHcAQgB5AEEARwA4AEEAYwB3AEIAdgBBAEcAWQBBAGQAQQBCAGMAQQBGAGMAQQBhAFEAQgB1AEEARwBRAEEAYgB3AEIAMwBBAEgATQBBAEkAQQBCAE8AQQBGAFEAQQBYAEEAQgBEAEEASABVAEEAYwBnAEIAeQBBAEcAVQBBAGIAZwBCADAAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAQQBCAFgAQQBHAGsAQQBiAGcAQgBzAEEARwA4AEEAWgB3AEIAdgBBAEcANABBAFgAQQBCAEIAQQBIAFUAQQBkAEEAQgB2AEEARQB3AEEAYgB3AEIAbgBBAEcAOABBAGIAZwBCAEQAQQBHAGcAQQBaAFEAQgBqAEEARwBzAEEAWgBRAEIAawBBAEMAYwBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAEsAQQBIADAAQQBDAGcAQQBrAEEASABNAEEAZABBAEIAawBBAEcAOABBAGQAUQBCADAAQQBDAEEAQQBQAFEAQQBnAEEAQwBRAEEAYgBnAEIAMQBBAEcAdwBBAGIAQQBBAEsAQQBDAFEAQQBjAHcAQgAwAEEARwBRAEEAWgBRAEIAeQBBAEgASQBBAEkAQQBBADkAQQBDAEEAQQBMAGcAQQBnAEEASABzAEEASQBBAEIAegBBAEcAZwBBAGQAUQBCADAAQQBHAFEAQQBiAHcAQgAzAEEARwA0AEEATABnAEIAbABBAEgAZwBBAFoAUQBBAGcAQQBDADgAQQBjAGcAQQBnAEEAQwA4AEEAZABBAEEAZwBBAEQASQBBAEkAQQBBAHYAQQBHAE0AQQBJAEEAQQBuAEEARgBJAEEAWgBRAEIAaQBBAEcAOABBAGIAdwBCADAAQQBDAEEAQQBhAFEAQgB1AEEARwBrAEEAZABBAEIAcABBAEcARQBBAGQAQQBCAGwAQQBHAFEAQQBJAEEAQgBpAEEASABrAEEASQBBAEIAQgBBAEcANABBAGMAdwBCAHAAQQBHAEkAQQBiAEEAQgBsAEEAQwBjAEEASQBBAEIAOABBAEMAQQBBAFUAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgB6AEEASABRAEEAWgBBAEIAdgBBAEgAVQBBAGQAQQBBAGcAQQBIADAAQQBJAEEAQQB5AEEARAA0AEEASgBnAEEAeABBAEMAQQBBAGYAQQBBAGcAQQBFAFkAQQBiAHcAQgB5AEEARQBVAEEAWQBRAEIAagBBAEcAZwBBAEwAUQBCAFAAQQBHAEkAQQBhAGcAQgBsAEEARwBNAEEAZABBAEEAZwBBAEYAUQBBAGIAdwBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwA0AEEAWgB3AEEASwBBAEUATQBBAGIAdwBCAHUAQQBIAFkAQQBaAFEAQgB5AEEASABRAEEAVgBBAEIAdgBBAEMAMABBAFMAZwBCAHoAQQBHADgAQQBiAGcAQQBnAEEAQwAwAEEAUQB3AEIAdgBBAEcAMABBAGMAQQBCAHkAQQBHAFUAQQBjAHcAQgB6AEEAQwBBAEEATABRAEIASgBBAEcANABBAGMAQQBCADEAQQBIAFEAQQBUAHcAQgBpAEEARwBvAEEAWgBRAEIAagBBAEgAUQBBAEkAQQBCAEEAQQBIAHMAQQBDAGcAQgB6AEEASABRAEEAWgBBAEIAdgBBAEgAVQBBAGQAQQBBAGcAQQBEADAAQQBJAEEAQQBvAEEARQBBAEEASwBBAEEAawBBAEgATQBBAGQAQQBCAGsAQQBHADgAQQBkAFEAQgAwAEEAQwBrAEEASQBBAEEAdABBAEcAbwBBAGIAdwBCAHAAQQBHADQAQQBJAEEAQQBpAEEARwBBAEEAYgBnAEEAaQBBAEMAawBBAEMAZwBCAHoAQQBIAFEAQQBaAEEAQgBsAEEASABJAEEAYwBnAEEAZwBBAEQAMABBAEkAQQBBAG8AQQBFAEEAQQBLAEEAQQBrAEEASABNAEEAZABBAEIAawBBAEcAVQBBAGMAZwBCAHkAQQBDAGsAQQBJAEEAQQB0AEEARwBvAEEAYgB3AEIAcABBAEcANABBAEkAQQBBAGkAQQBHAEEAQQBiAGcAQQBpAEEAQwBrAEEAQwBnAEIAeQBBAEcATQBBAEkAQQBBADkAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEASwBBAEgAMABBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F30F-65EE-1064-210000000000}0x2164100HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F30F-65EE-E404-000000005103}3424C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingEC2AMAZ-I1DH4UO\Administrator 154100x800000000000000047Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:27.567{C36AC009-F30F-65EE-E804-000000005103}1388C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAoAEcAZQB0AC0AQwBpAG0ASQBuAHMAdABhAG4AYwBlACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACAALQBQAHIAbwBwAGUAcgB0AHkAIABMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAKQAuAEwAYQBzAHQAQgBvAG8AdABVAHAAVABpAG0AZQAuAFQAbwBGAGkAbABlAFQAaQBtAGUAKAApAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F30F-65EE-1064-210000000000}0x2164100HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F30F-65EE-E704-000000005103}3576C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AEC2AMAZ-I1DH4UO\Administrator 154100x800000000000000045Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:27.456{C36AC009-F30F-65EE-E704-000000005103}3576C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F30F-65EE-1064-210000000000}0x2164100HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F30F-65EE-E604-000000005103}2728C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AEC2AMAZ-I1DH4UO\Administrator 154100x800000000000000044Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:27.452{C36AC009-F30F-65EE-E604-000000005103}2728C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAUQB3AEIAcABBAEcAMABBAFMAUQBCAHUAQQBIAE0AQQBkAEEAQgBoAEEARwA0AEEAWQB3AEIAbABBAEMAQQBBAEwAUQBCAEQAQQBHAHcAQQBZAFEAQgB6AEEASABNAEEAVABnAEIAaABBAEcAMABBAFoAUQBBAGcAQQBGAGMAQQBhAFEAQgB1AEEARABNAEEATQBnAEIAZgBBAEUAOABBAGMAQQBCAGwAQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEYATQBBAGUAUQBCAHoAQQBIAFEAQQBaAFEAQgB0AEEAQwBBAEEATABRAEIAUQBBAEgASQBBAGIAdwBCAHcAQQBHAFUAQQBjAGcAQgAwAEEASABrAEEASQBBAEIATQBBAEcARQBBAGMAdwBCADAAQQBFAEkAQQBiAHcAQgB2AEEASABRAEEAVgBRAEIAdwBBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAFEAQQB1AEEARQB3AEEAWQBRAEIAegBBAEgAUQBBAFEAZwBCAHYAQQBHADgAQQBkAEEAQgBWAEEASABBAEEAVgBBAEIAcABBAEcAMABBAFoAUQBBAHUAQQBGAFEAQQBiAHcAQgBHAEEARwBrAEEAYgBBAEIAbABBAEYAUQBBAGEAUQBCAHQAQQBHAFUAQQBLAEEAQQBwAEEAQQBvAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBBAHQAQQBHADQAQQBiAHcAQgAwAEEAQwBBAEEASgBBAEEALwBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBTAFEAQgBtAEEAQwBBAEEASwBBAEIASABBAEcAVQBBAGQAQQBBAHQAQQBGAFkAQQBZAFEAQgB5AEEARwBrAEEAWQBRAEIAaQBBAEcAdwBBAFoAUQBBAGcAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEATABRAEIARgBBAEgASQBBAGMAZwBCAHYAQQBIAEkAQQBRAFEAQgBqAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEkAQQBCAFQAQQBHAGsAQQBiAEEAQgBsAEEARwA0AEEAZABBAEIAcwBBAEgAawBBAFEAdwBCAHYAQQBHADQAQQBkAEEAQgBwAEEARwA0AEEAZABRAEIAbABBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBaAFEAQgA0AEEARwBrAEEAZABBAEEAZwBBAEMAUQBBAFQAQQBCAEIAQQBGAE0AQQBWAEEAQgBGAEEARgBnAEEAUwBRAEIAVQBBAEUATQBBAFQAdwBCAEUAQQBFAFUAQQBJAEEAQgA5AEEAQwBBAEEAUgBRAEIAcwBBAEgATQBBAFoAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAE0AUQBBAGcAQQBIADAAQQBJAEEAQgA5AEEAQQA9AD0AC:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F30F-65EE-1064-210000000000}0x2164100HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F30F-65EE-E404-000000005103}3424C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingEC2AMAZ-I1DH4UO\Administrator 154100x800000000000000043Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:27.233{C36AC009-F30F-65EE-E404-000000005103}3424C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F30F-65EE-1064-210000000000}0x2164100HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F11F-65EE-0C00-000000005103}724C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x800000000000000040Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:26.006{C36AC009-F30E-65EE-E304-000000005103}1288C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RES943F.tmp" "c:\Users\Administrator\AppData\Local\Temp\CSC7D4069C7BCD94335A65156EB463976B.TMP"C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F30C-65EE-D93A-210000000000}0x213ad90HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{C36AC009-F30D-65EE-E204-000000005103}3700C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\ppwmcbev.cmdline"EC2AMAZ-I1DH4UO\Administrator 154100x800000000000000039Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:25.882{C36AC009-F30D-65EE-E204-000000005103}3700C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\ppwmcbev.cmdline"C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F30C-65EE-D93A-210000000000}0x213ad90HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{C36AC009-F30C-65EE-E004-000000005103}656C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==EC2AMAZ-I1DH4UO\Administrator 154100x800000000000000036Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:24.952{C36AC009-F30C-65EE-E104-000000005103}3832C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationCHCP.COM"C:\Windows\system32\chcp.com" 65001C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F30C-65EE-D93A-210000000000}0x213ad90HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{C36AC009-F30C-65EE-E004-000000005103}656C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==EC2AMAZ-I1DH4UO\Administrator 154100x800000000000000034Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:24.840{C36AC009-F30C-65EE-E004-000000005103}656C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F30C-65EE-D93A-210000000000}0x213ad90HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F30C-65EE-DF04-000000005103}3900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AEC2AMAZ-I1DH4UO\Administrator 154100x800000000000000032Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:24.728{C36AC009-F30C-65EE-DF04-000000005103}3900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F30C-65EE-D93A-210000000000}0x213ad90HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F30C-65EE-DE04-000000005103}732C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AEC2AMAZ-I1DH4UO\Administrator 154100x800000000000000031Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:24.723{C36AC009-F30C-65EE-DE04-000000005103}732C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F30C-65EE-D93A-210000000000}0x213ad90HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F30C-65EE-DC04-000000005103}3176C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingEC2AMAZ-I1DH4UO\Administrator 154100x800000000000000030Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:24.495{C36AC009-F30C-65EE-DC04-000000005103}3176C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F30C-65EE-D93A-210000000000}0x213ad90HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F11F-65EE-0C00-000000005103}724C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x800000000000000027Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:23.253{C36AC009-F30B-65EE-DB04-000000005103}3804C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RES8981.tmp" "c:\Users\Administrator\AppData\Local\Temp\CSC63E6D6B5479742988B8D6916CB92F927.TMP"C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F309-65EE-DE0D-210000000000}0x210dde0HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{C36AC009-F30B-65EE-DA04-000000005103}3656C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\lv3wnljp.cmdline"EC2AMAZ-I1DH4UO\Administrator 154100x800000000000000026Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:23.130{C36AC009-F30B-65EE-DA04-000000005103}3656C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\lv3wnljp.cmdline"C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F309-65EE-DE0D-210000000000}0x210dde0HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{C36AC009-F30A-65EE-D804-000000005103}1972C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==EC2AMAZ-I1DH4UO\Administrator 154100x800000000000000023Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:22.199{C36AC009-F30A-65EE-D904-000000005103}2036C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationCHCP.COM"C:\Windows\system32\chcp.com" 65001C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F309-65EE-DE0D-210000000000}0x210dde0HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{C36AC009-F30A-65EE-D804-000000005103}1972C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==EC2AMAZ-I1DH4UO\Administrator 154100x800000000000000021Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:22.085{C36AC009-F30A-65EE-D804-000000005103}1972C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F309-65EE-DE0D-210000000000}0x210dde0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F309-65EE-D704-000000005103}2776C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AEC2AMAZ-I1DH4UO\Administrator 154100x800000000000000019Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:21.975{C36AC009-F309-65EE-D704-000000005103}2776C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F309-65EE-DE0D-210000000000}0x210dde0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F309-65EE-D604-000000005103}3964C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AEC2AMAZ-I1DH4UO\Administrator 154100x800000000000000018Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:21.971{C36AC009-F309-65EE-D604-000000005103}3964C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F309-65EE-DE0D-210000000000}0x210dde0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F309-65EE-D404-000000005103}3948C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingEC2AMAZ-I1DH4UO\Administrator 154100x800000000000000017Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:21.749{C36AC009-F309-65EE-D404-000000005103}3948C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F309-65EE-DE0D-210000000000}0x210dde0HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F11F-65EE-0C00-000000005103}724C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x800000000000000015Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:20.544{C36AC009-F308-65EE-D304-000000005103}3896C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RES7EE2.tmp" "c:\Users\Administrator\AppData\Local\Temp\CSC28B801143027448FA3F3B0D0C643877B.TMP"C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F306-65EE-6FDC-200000000000}0x20dc6f0HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{C36AC009-F308-65EE-D204-000000005103}3024C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\rholsfnv.cmdline"EC2AMAZ-I1DH4UO\Administrator 154100x800000000000000014Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:20.387{C36AC009-F308-65EE-D204-000000005103}3024C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\ADMINI~1\AppData\Local\Temp\rholsfnv.cmdline"C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F306-65EE-6FDC-200000000000}0x20dc6f0HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{C36AC009-F307-65EE-D004-000000005103}3224C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==EC2AMAZ-I1DH4UO\Administrator 154100x800000000000000011Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:19.440{C36AC009-F307-65EE-D104-000000005103}2856C:\Windows\System32\chcp.com10.0.14393.0 (rs1_release.160715-1616)Change CodePage UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationCHCP.COM"C:\Windows\system32\chcp.com" 65001C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F306-65EE-6FDC-200000000000}0x20dc6f0HighMD5=BA6FD5B883C0899785D17CEBE66A25F6,SHA256=9FDBDF88CF2BB2794C416E3083553F2898AC9DC92DFAC2478B4C1DF667DF7C74,IMPHASH=4FB30D6E330F3FB3DB61550BD7FA7CCD{C36AC009-F307-65EE-D004-000000005103}3224C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==EC2AMAZ-I1DH4UO\Administrator 154100x80000000000000009Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:19.326{C36AC009-F307-65EE-D004-000000005103}3224C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand JgBjAGgAYwBwAC4AYwBvAG0AIAA2ADUAMAAwADEAIAA+ACAAJABuAHUAbABsAAoAaQBmACAAKAAkAFAAUwBWAGUAcgBzAGkAbwBuAFQAYQBiAGwAZQAuAFAAUwBWAGUAcgBzAGkAbwBuACAALQBsAHQAIABbAFYAZQByAHMAaQBvAG4AXQAiADMALgAwACIAKQAgAHsACgAnAHsAIgBmAGEAaQBsAGUAZAAiADoAdAByAHUAZQAsACIAbQBzAGcAIgA6ACIAQQBuAHMAaQBiAGwAZQAgAHIAZQBxAHUAaQByAGUAcwAgAFAAbwB3AGUAcgBTAGgAZQBsAGwAIAB2ADMALgAwACAAbwByACAAbgBlAHcAZQByACIAfQAnAAoAZQB4AGkAdAAgADEACgB9AAoAJABlAHgAZQBjAF8AdwByAGEAcABwAGUAcgBfAHMAdAByACAAPQAgACQAaQBuAHAAdQB0ACAAfAAgAE8AdQB0AC0AUwB0AHIAaQBuAGcACgAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAgAD0AIAAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAF8AcwB0AHIALgBTAHAAbABpAHQAKABAACgAIgBgADAAYAAwAGAAMABgADAAIgApACwAIAAyACwAIABbAFMAdAByAGkAbgBnAFMAcABsAGkAdABPAHAAdABpAG8AbgBzAF0AOgA6AFIAZQBtAG8AdgBlAEUAbQBwAHQAeQBFAG4AdAByAGkAZQBzACkACgBJAGYAIAAoAC0AbgBvAHQAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwAuAEwAZQBuAGcAdABoACAALQBlAHEAIAAyACkAIAB7ACAAdABoAHIAbwB3ACAAIgBpAG4AdgBhAGwAaQBkACAAcABhAHkAbABvAGEAZAAiACAAfQAKAFMAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAALQBOAGEAbQBlACAAagBzAG8AbgBfAHIAYQB3ACAALQBWAGEAbAB1AGUAIAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADEAXQAKACQAZQB4AGUAYwBfAHcAcgBhAHAAcABlAHIAIAA9ACAAWwBTAGMAcgBpAHAAdABCAGwAbwBjAGsAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHMAcABsAGkAdABfAHAAYQByAHQAcwBbADAAXQApAAoAJgAkAGUAeABlAGMAXwB3AHIAYQBwAHAAZQByAA==C:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F306-65EE-6FDC-200000000000}0x20dc6f0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F307-65EE-CF04-000000005103}3512C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AEC2AMAZ-I1DH4UO\Administrator 154100x80000000000000007Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:19.205{C36AC009-F307-65EE-CF04-000000005103}3512C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F306-65EE-6FDC-200000000000}0x20dc6f0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C36AC009-F307-65EE-CE04-000000005103}3788C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AEC2AMAZ-I1DH4UO\Administrator 154100x80000000000000006Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:19.195{C36AC009-F307-65EE-CE04-000000005103}3788C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAASgBnAEIAagBBAEcAZwBBAFkAdwBCAHcAQQBDADQAQQBZAHcAQgB2AEEARwAwAEEASQBBAEEAMgBBAEQAVQBBAE0AQQBBAHcAQQBEAEUAQQBJAEEAQQArAEEAQwBBAEEASgBBAEIAdQBBAEgAVQBBAGIAQQBCAHMAQQBBAG8AQQBhAFEAQgBtAEEAQwBBAEEASwBBAEEAawBBAEYAQQBBAFUAdwBCAFcAQQBHAFUAQQBjAGcAQgB6AEEARwBrAEEAYgB3AEIAdQBBAEYAUQBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQB1AEEARgBBAEEAVQB3AEIAVwBBAEcAVQBBAGMAZwBCAHoAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEATABRAEIAcwBBAEgAUQBBAEkAQQBCAGIAQQBGAFkAQQBaAFEAQgB5AEEASABNAEEAYQBRAEIAdgBBAEcANABBAFgAUQBBAGkAQQBEAE0AQQBMAGcAQQB3AEEAQwBJAEEASwBRAEEAZwBBAEgAcwBBAEMAZwBBAG4AQQBIAHMAQQBJAGcAQgBtAEEARwBFAEEAYQBRAEIAcwBBAEcAVQBBAFoAQQBBAGkAQQBEAG8AQQBkAEEAQgB5AEEASABVAEEAWgBRAEEAcwBBAEMASQBBAGIAUQBCAHoAQQBHAGMAQQBJAGcAQQA2AEEAQwBJAEEAUQBRAEIAdQBBAEgATQBBAGEAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEASABJAEEAWgBRAEIAeABBAEgAVQBBAGEAUQBCAHkAQQBHAFUAQQBjAHcAQQBnAEEARgBBAEEAYgB3AEIAMwBBAEcAVQBBAGMAZwBCAFQAQQBHAGcAQQBaAFEAQgBzAEEARwB3AEEASQBBAEIAMgBBAEQATQBBAEwAZwBBAHcAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYgBnAEIAbABBAEgAYwBBAFoAUQBCAHkAQQBDAEkAQQBmAFEAQQBuAEEAQQBvAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBDAGcAQgA5AEEAQQBvAEEASgBBAEIAbABBAEgAZwBBAFoAUQBCAGoAQQBGADgAQQBkAHcAQgB5AEEARwBFAEEAYwBBAEIAdwBBAEcAVQBBAGMAZwBCAGYAQQBIAE0AQQBkAEEAQgB5AEEAQwBBAEEAUABRAEEAZwBBAEMAUQBBAGEAUQBCAHUAQQBIAEEAQQBkAFEAQgAwAEEAQwBBAEEAZgBBAEEAZwBBAEUAOABBAGQAUQBCADAAQQBDADAAQQBVAHcAQgAwAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAEMAZwBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQBnAEEARAAwAEEASQBBAEEAawBBAEcAVQBBAGUAQQBCAGwAQQBHAE0AQQBYAHcAQgAzAEEASABJAEEAWQBRAEIAdwBBAEgAQQBBAFoAUQBCAHkAQQBGADgAQQBjAHcAQgAwAEEASABJAEEATABnAEIAVABBAEgAQQBBAGIAQQBCAHAAQQBIAFEAQQBLAEEAQgBBAEEAQwBnAEEASQBnAEIAZwBBAEQAQQBBAFkAQQBBAHcAQQBHAEEAQQBNAEEAQgBnAEEARABBAEEASQBnAEEAcABBAEMAdwBBAEkAQQBBAHkAQQBDAHcAQQBJAEEAQgBiAEEARgBNAEEAZABBAEIAeQBBAEcAawBBAGIAZwBCAG4AQQBGAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAUABBAEgAQQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQgB6AEEARgAwAEEATwBnAEEANgBBAEYASQBBAFoAUQBCAHQAQQBHADgAQQBkAGcAQgBsAEEARQBVAEEAYgBRAEIAdwBBAEgAUQBBAGUAUQBCAEYAQQBHADQAQQBkAEEAQgB5AEEARwBrAEEAWgBRAEIAegBBAEMAawBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQQB1AEEARQB3AEEAWgBRAEIAdQBBAEcAYwBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBsAEEASABFAEEASQBBAEEAeQBBAEMAawBBAEkAQQBCADcAQQBDAEEAQQBkAEEAQgBvAEEASABJAEEAYgB3AEIAMwBBAEMAQQBBAEkAZwBCAHAAQQBHADQAQQBkAGcAQgBoAEEARwB3AEEAYQBRAEIAawBBAEMAQQBBAGMAQQBCAGgAQQBIAGsAQQBiAEEAQgB2AEEARwBFAEEAWgBBAEEAaQBBAEMAQQBBAGYAUQBBAEsAQQBGAE0AQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEATABRAEIATwBBAEcARQBBAGIAUQBCAGwAQQBDAEEAQQBhAGcAQgB6AEEARwA4AEEAYgBnAEIAZgBBAEgASQBBAFkAUQBCADMAQQBDAEEAQQBMAFEAQgBXAEEARwBFAEEAYgBBAEIAMQBBAEcAVQBBAEkAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABFAEEAWABRAEEASwBBAEMAUQBBAFoAUQBCADQAQQBHAFUAQQBZAHcAQgBmAEEASABjAEEAYwBnAEIAaABBAEgAQQBBAGMAQQBCAGwAQQBIAEkAQQBJAEEAQQA5AEEAQwBBAEEAVwB3AEIAVABBAEcATQBBAGMAZwBCAHAAQQBIAEEAQQBkAEEAQgBDAEEARwB3AEEAYgB3AEIAagBBAEcAcwBBAFgAUQBBADYAQQBEAG8AQQBRAHcAQgB5AEEARwBVAEEAWQBRAEIAMABBAEcAVQBBAEsAQQBBAGsAQQBIAE0AQQBjAEEAQgBzAEEARwBrAEEAZABBAEIAZgBBAEgAQQBBAFkAUQBCAHkAQQBIAFEAQQBjAHcAQgBiAEEARABBAEEAWABRAEEAcABBAEEAbwBBAEoAZwBBAGsAQQBHAFUAQQBlAEEAQgBsAEEARwBNAEEAWAB3AEIAMwBBAEgASQBBAFkAUQBCAHcAQQBIAEEAQQBaAFEAQgB5AEEAQQA9AD0AC:\Users\Administrator\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F306-65EE-6FDC-200000000000}0x20dc6f0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C36AC009-F306-65EE-CC04-000000005103}984C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingEC2AMAZ-I1DH4UO\Administrator 154100x80000000000000005Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:18.972{C36AC009-F306-65EE-CC04-000000005103}984C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\EC2AMAZ-I1DH4UO\Administrator{C36AC009-F306-65EE-6FDC-200000000000}0x20dc6f0HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C36AC009-F11F-65EE-0C00-000000005103}724C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x80000000000000004Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:17.102{C36AC009-F305-65EE-CB04-000000005103}292C:\Windows\System32\wbem\unsecapp.exe10.0.14393.4169 (rs1_release.210107-1130)Sink to receive asynchronous callbacks for WMI client applicationMicrosoft® Windows® Operating SystemMicrosoft Corporationunsecapp.dllC:\Windows\system32\wbem\unsecapp.exe -EmbeddingC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F11F-65EE-E703-000000000000}0x3e70SystemMD5=2443CA5962E2134CB389DCD5056D27AE,SHA256=018FF62BCDC292CF9290DB0574C8EF9C97EBC26933C8FC950DD8E6B2B91972FB,IMPHASH=A3CC49DF67C2278F822C9EBB9908BF09{C36AC009-F11F-65EE-0C00-000000005103}724C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x80000000000000003Microsoft-Windows-Sysmon/OperationalEC2AMAZ-I1DH4UO-2024-03-11 12:03:17.019{C36AC009-F305-65EE-CA04-000000005103}508C:\Windows\sysmon64.exe15.14System activity monitorSysinternals SysmonSysinternals - www.sysinternals.com-C:\Windows\sysmon64.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{C36AC009-F11F-65EE-E703-000000000000}0x3e70SystemMD5=99C68A0A2EE8E42EBB52E1C84F80B730,SHA256=39B094613132377BC236F4AD940A3E02C544F86347C0179A9425EDC1BD3B85CD,IMPHASH=A039666F8D08DD16E0909469DA998438{C36AC009-F11F-65EE-0A00-000000005103}616C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM