diff --git a/datasets/attack_techniques/T1134.001/uac_process_handle_dup/Computerdefaults_access.log b/datasets/attack_techniques/T1134.001/uac_process_handle_dup/Computerdefaults_access.log
new file mode 100644
index 00000000..9175e5fc
--- /dev/null
+++ b/datasets/attack_techniques/T1134.001/uac_process_handle_dup/Computerdefaults_access.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2f9d2265f105cd8bcea38d720a0eb2afd2d5894d162b5938be0ec026728b3e9e
+size 3050
diff --git a/datasets/attack_techniques/T1134.001/uac_process_handle_dup/uac_process_handle_dup.yml b/datasets/attack_techniques/T1134.001/uac_process_handle_dup/uac_process_handle_dup.yml
new file mode 100644
index 00000000..2800ea67
--- /dev/null
+++ b/datasets/attack_techniques/T1134.001/uac_process_handle_dup/uac_process_handle_dup.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: 9c496a76-b672-11f0-b923-629be353806a
+date: '2025-10-31'
+description: Generated datasets for uac process handle dup in attack range.
+environment: attack_range
+directory: uac_process_handle_dup
+mitre_technique:
+- T1134.001
+datasets:
+- name: Computerdefaults_access.log
+ path: /datasets/attack_techniques/T1134.001/uac_process_handle_dup/Computerdefaults_access.log
+ sourcetype: 'XmlWinEventLog'
+ source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
diff --git a/datasets/attack_techniques/T1185/browser_unusual_flag/browser_unusual_flag.yml b/datasets/attack_techniques/T1185/browser_unusual_flag/browser_unusual_flag.yml
new file mode 100644
index 00000000..f7c0f926
--- /dev/null
+++ b/datasets/attack_techniques/T1185/browser_unusual_flag/browser_unusual_flag.yml
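Review bot: The `description` in the uac_process_handle_dup.yml hunk is just the directory name rewritten as prose ("Generated datasets for uac process handle dup in attack range.") and tells a detection engineer nothing about what the Sysmon events in Computerdefaults_access.log actually contain — which process activity was recorded, which event IDs are present, or which part of T1134.001 the sample exercises. The same boilerplate appears in browser_unusual_flag.yml (the hunk continuing on the next line) and computerdefaults_spawn_proc.yml (the last hunk), so the three manifests are indistinguishable from their metadata alone. A one-sentence behavioural summary, e.g. `description: Sysmon operational-log events captured in attack range while <observed activity, TODO fill in from the log> ran; intended for validating T1134.001 detections.` with the placeholder replaced from the real log contents, would make each dataset self-describing without anyone having to pull the LFS object. All three manifests also end with `\ No newline at end of file`; adding a trailing newline keeps yamllint clean and avoids a spurious diff line the next time the file is edited.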
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: 79bea778-b672-11f0-b923-629be353806a
+date: '2025-10-31'
+description: Generated datasets for browser unusual flag in attack range.
+environment: attack_range
+directory: browser_unusual_flag
+mitre_technique:
+- T1185
+datasets:
+- name: castle_chrome_shell32.log
+ path: /datasets/attack_techniques/T1185/browser_unusual_flag/castle_chrome_shell32.log
+ sourcetype: 'XmlWinEventLog'
+ source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
diff --git a/datasets/attack_techniques/T1185/browser_unusual_flag/castle_chrome_shell32.log b/datasets/attack_techniques/T1185/browser_unusual_flag/castle_chrome_shell32.log
new file mode 100644
index 00000000..c12ff78e
--- /dev/null
+++ b/datasets/attack_techniques/T1185/browser_unusual_flag/castle_chrome_shell32.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c786c3ff82efdd1a76a939fbf18003f576975252fe8e1983d750e22a790a152e
+size 18755
diff --git a/datasets/attack_techniques/T1548.002/computerdefaults_spawn_proc/computerdefaults_process.log b/datasets/attack_techniques/T1548.002/computerdefaults_spawn_proc/computerdefaults_process.log
new file mode 100644
index 00000000..2954525f
--- /dev/null
+++ b/datasets/attack_techniques/T1548.002/computerdefaults_spawn_proc/computerdefaults_process.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e9a868a2f9599263413d32b01b848d4b86cbd80eaa4c5287256ee6af14080b90
+size 5873
diff --git a/datasets/attack_techniques/T1548.002/computerdefaults_spawn_proc/computerdefaults_spawn_proc.yml b/datasets/attack_techniques/T1548.002/computerdefaults_spawn_proc/computerdefaults_spawn_proc.yml
new file mode 100644
index 00000000..54c52e49
--- /dev/null
+++ b/datasets/attack_techniques/T1548.002/computerdefaults_spawn_proc/computerdefaults_spawn_proc.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: 55a86252-b672-11f0-b923-629be353806a
+date: '2025-10-31'
+description: Generated datasets for computerdefaults spawn proc in attack range.
+environment: attack_range
+directory: computerdefaults_spawn_proc
+mitre_technique:
+- T1548.002
+datasets:
+- name: computerdefaults_process.log
+ path: /datasets/attack_techniques/T1548.002/computerdefaults_spawn_proc/computerdefaults_process.log
+ sourcetype: 'XmlWinEventLog'
+ source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file