154100x800000000000000065436350Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2023-01-21 13:02:33.685{CCA468B6-E269-63CB-E572-000000009C02}6916C:\Program Files\PowerShell\7\createdump.exe7,0,22,51805 @Commit: d099f075e45d2aa6007a22b71b45a08758559f80Microsoft .NET Runtime Crash Dump GeneratorMicrosoft® .NETMicrosoft CorporationFX_VER_INTERNALNAME_STR"C:\Program Files\PowerShell\7\createdump.exe" -u -f C:\Users\ADMINI~1\AppData\Local\Temp\2\dotnet-lsass.dmpC:\Users\Administrator\WIN-HOST-MHAAG-\Administrator{CCA468B6-3A1C-63C8-7D93-0F0000000000}0xf937d2HighMD5=A48662183F845ECA823960033B5B6712,SHA256=930F833726F7E77F11D1C4E8B7A6390ED46776D9797F8B8D7C253F1EC7CDC733{CCA468B6-09CB-63CB-D258-000000009C02}7100C:\Program Files\PowerShell\7\pwsh.exe"C:\Program Files\PowerShell\7\pwsh.exe" WIN-HOST-MHAAG-\Administrator 154100x800000000000000065399564Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2023-01-21 12:48:57.574{CCA468B6-DF39-63CB-3C72-000000009C02}6952C:\Program Files\PowerShell\7\createdump.exe7,0,22,51805 @Commit: d099f075e45d2aa6007a22b71b45a08758559f80Microsoft .NET Runtime Crash Dump GeneratorMicrosoft® .NETMicrosoft CorporationFX_VER_INTERNALNAME_STR"C:\Program Files\PowerShell\7\createdump.exe" -u -f C:\Users\ADMINI~1\AppData\Local\Temp\2\dotnet-lsass.dmpC:\Users\Administrator\WIN-HOST-MHAAG-\Administrator{CCA468B6-3A1C-63C8-7D93-0F0000000000}0xf937d2HighMD5=A48662183F845ECA823960033B5B6712,SHA256=930F833726F7E77F11D1C4E8B7A6390ED46776D9797F8B8D7C253F1EC7CDC733{CCA468B6-09CB-63CB-D258-000000009C02}7100C:\Program Files\PowerShell\7\pwsh.exe"C:\Program Files\PowerShell\7\pwsh.exe" WIN-HOST-MHAAG-\Administrator 154100x800000000000000065397981Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2023-01-21 12:48:40.029{CCA468B6-DF28-63CB-3B72-000000009C02}6852C:\Program Files\PowerShell\7\createdump.exe7,0,22,51805 @Commit: d099f075e45d2aa6007a22b71b45a08758559f80Microsoft .NET Runtime Crash Dump GeneratorMicrosoft® .NETMicrosoft CorporationFX_VER_INTERNALNAME_STR"C:\Program Files\PowerShell\7\createdump.exe" -u -f C:\Users\ADMINI~1\AppData\Local\Temp\2\dotnet-lsass.dmpC:\Program Files\PowerShell\7\WIN-HOST-MHAAG-\Administrator{CCA468B6-3A1C-63C8-7D93-0F0000000000}0xf937d2HighMD5=A48662183F845ECA823960033B5B6712,SHA256=930F833726F7E77F11D1C4E8B7A6390ED46776D9797F8B8D7C253F1EC7CDC733{CCA468B6-09CB-63CB-D258-000000009C02}7100C:\Program Files\PowerShell\7\pwsh.exe"C:\Program Files\PowerShell\7\pwsh.exe" WIN-HOST-MHAAG-\Administrator 154100x800000000000000065365536Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2023-01-21 12:43:22.650{CCA468B6-DDEA-63CB-0E72-000000009C02}5920C:\Program Files\PowerShell\7\createdump.exe7,0,22,51805 @Commit: d099f075e45d2aa6007a22b71b45a08758559f80Microsoft .NET Runtime Crash Dump GeneratorMicrosoft® .NETMicrosoft CorporationFX_VER_INTERNALNAME_STR"C:\Program Files\PowerShell\7\createdump.exe" -u -f C:\Users\ADMINI~1\AppData\Local\Temp\2\dotnet-lsass.dmp C:\Users\Administrator\Desktop\Doge-AMSI-patch-main\WIN-HOST-MHAAG-\Administrator{CCA468B6-3A1C-63C8-7D93-0F0000000000}0xf937d2HighMD5=A48662183F845ECA823960033B5B6712,SHA256=930F833726F7E77F11D1C4E8B7A6390ED46776D9797F8B8D7C253F1EC7CDC733{CCA468B6-EDF3-63CA-4B55-000000009C02}5532C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" WIN-HOST-MHAAG-\Administrator 154100x800000000000000065364864Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2023-01-21 12:43:15.961{CCA468B6-DDE3-63CB-0D72-000000009C02}6292C:\Program Files\PowerShell\7\createdump.exe7,0,22,51805 @Commit: d099f075e45d2aa6007a22b71b45a08758559f80Microsoft .NET Runtime Crash Dump GeneratorMicrosoft® .NETMicrosoft CorporationFX_VER_INTERNALNAME_STR"C:\Program Files\PowerShell\7\createdump.exe" -u -f C:\Users\ADMINI~1\AppData\Local\Temp\2\dotnet-lsass.dmp 632C:\Users\Administrator\Desktop\Doge-AMSI-patch-main\WIN-HOST-MHAAG-\Administrator{CCA468B6-3A1C-63C8-7D93-0F0000000000}0xf937d2HighMD5=A48662183F845ECA823960033B5B6712,SHA256=930F833726F7E77F11D1C4E8B7A6390ED46776D9797F8B8D7C253F1EC7CDC733{CCA468B6-EDF3-63CA-4B55-000000009C02}5532C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" WIN-HOST-MHAAG-\Administrator