154100x800000000000000013947Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2025-07-17 11:00:55.203{E4B49A97-D7E7-6878-A704-00000000EE03}6584C:\Windows\System32\mstsc.exe10.0.14393.4169 (rs1_release.210107-1130)Remote Desktop ConnectionMicrosoft® Windows® Operating SystemMicrosoft Corporationmstsc.exemstsc /v:10.0.1.15 /admin /f /promptC:\Temp\ATTACKRANGE\Administrator{E4B49A97-B620-6878-C041-040000000000}0x441c02HighMD5=4CDEF06648D9EBBD838902C7CACBE93C,SHA256=039EA156489734B5822B6A5B44B3F4FF06706D6F91D491477D7AB710009D2CB9,IMPHASH=625CC0C39AF8D5F649C939225D424264{E4B49A97-D773-6878-5C04-00000000EE03}4736C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Temp"ATTACKRANGE\Administrator 154100x800000000000000013929Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2025-07-17 11:00:48.536{E4B49A97-D7E0-6878-A104-00000000EE03}5476C:\Windows\System32\mstsc.exe10.0.14393.4169 (rs1_release.210107-1130)Remote Desktop ConnectionMicrosoft® Windows® Operating SystemMicrosoft Corporationmstsc.exemstsc /v:10.0.1.15 /admin /f /promptC:\Temp\ATTACKRANGE\Administrator{E4B49A97-B620-6878-C041-040000000000}0x441c02HighMD5=4CDEF06648D9EBBD838902C7CACBE93C,SHA256=039EA156489734B5822B6A5B44B3F4FF06706D6F91D491477D7AB710009D2CB9,IMPHASH=625CC0C39AF8D5F649C939225D424264{E4B49A97-D773-6878-5C04-00000000EE03}4736C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Temp"ATTACKRANGE\Administrator 154100x800000000000000013909Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2025-07-17 11:00:40.719{E4B49A97-D7D8-6878-9B04-00000000EE03}4072C:\Windows\System32\mstsc.exe10.0.14393.4169 (rs1_release.210107-1130)Remote Desktop ConnectionMicrosoft® Windows® Operating SystemMicrosoft Corporationmstsc.exemstsc /v:10.0.1.15 /admin /f /promptC:\Temp\ATTACKRANGE\Administrator{E4B49A97-B620-6878-C041-040000000000}0x441c02HighMD5=4CDEF06648D9EBBD838902C7CACBE93C,SHA256=039EA156489734B5822B6A5B44B3F4FF06706D6F91D491477D7AB710009D2CB9,IMPHASH=625CC0C39AF8D5F649C939225D424264{E4B49A97-D773-6878-5C04-00000000EE03}4736C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Temp"ATTACKRANGE\Administrator 154100x800000000000000013888Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2025-07-17 11:00:32.169{E4B49A97-D7D0-6878-9504-00000000EE03}3852C:\Windows\System32\mstsc.exe10.0.14393.4169 (rs1_release.210107-1130)Remote Desktop ConnectionMicrosoft® Windows® Operating SystemMicrosoft Corporationmstsc.exemstsc /v:10.0.1.15 /admin /f /promptC:\Temp\ATTACKRANGE\Administrator{E4B49A97-B620-6878-C041-040000000000}0x441c02HighMD5=4CDEF06648D9EBBD838902C7CACBE93C,SHA256=039EA156489734B5822B6A5B44B3F4FF06706D6F91D491477D7AB710009D2CB9,IMPHASH=625CC0C39AF8D5F649C939225D424264{E4B49A97-D773-6878-5C04-00000000EE03}4736C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Temp"ATTACKRANGE\Administrator 154100x800000000000000013869Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2025-07-17 11:00:24.703{E4B49A97-D7C8-6878-8F04-00000000EE03}1404C:\Windows\System32\mstsc.exe10.0.14393.4169 (rs1_release.210107-1130)Remote Desktop ConnectionMicrosoft® Windows® Operating SystemMicrosoft Corporationmstsc.exemstsc /v:10.0.1.15 /admin /f /promptC:\Temp\ATTACKRANGE\Administrator{E4B49A97-B620-6878-C041-040000000000}0x441c02HighMD5=4CDEF06648D9EBBD838902C7CACBE93C,SHA256=039EA156489734B5822B6A5B44B3F4FF06706D6F91D491477D7AB710009D2CB9,IMPHASH=625CC0C39AF8D5F649C939225D424264{E4B49A97-D773-6878-5C04-00000000EE03}4736C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Temp"ATTACKRANGE\Administrator 154100x800000000000000013825Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2025-07-17 11:00:03.221{E4B49A97-D7B3-6878-8704-00000000EE03}5008C:\Windows\System32\mstsc.exe10.0.14393.4169 (rs1_release.210107-1130)Remote Desktop ConnectionMicrosoft® Windows® Operating SystemMicrosoft Corporationmstsc.exemstsc /v:10.0.1.15 /admin /f /promptC:\Temp\ATTACKRANGE\Administrator{E4B49A97-B620-6878-C041-040000000000}0x441c02HighMD5=4CDEF06648D9EBBD838902C7CACBE93C,SHA256=039EA156489734B5822B6A5B44B3F4FF06706D6F91D491477D7AB710009D2CB9,IMPHASH=625CC0C39AF8D5F649C939225D424264{E4B49A97-D773-6878-5C04-00000000EE03}4736C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Temp"ATTACKRANGE\Administrator 154100x800000000000000013799Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2025-07-17 10:59:52.152{E4B49A97-D7A8-6878-7F04-00000000EE03}5004C:\Windows\System32\mstsc.exe10.0.14393.4169 (rs1_release.210107-1130)Remote Desktop ConnectionMicrosoft® Windows® Operating SystemMicrosoft Corporationmstsc.exemstsc /v:10.0.1.15 /admin /f /promptC:\Temp\ATTACKRANGE\Administrator{E4B49A97-B620-6878-C041-040000000000}0x441c02HighMD5=4CDEF06648D9EBBD838902C7CACBE93C,SHA256=039EA156489734B5822B6A5B44B3F4FF06706D6F91D491477D7AB710009D2CB9,IMPHASH=625CC0C39AF8D5F649C939225D424264{E4B49A97-D773-6878-5C04-00000000EE03}4736C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Temp"ATTACKRANGE\Administrator 154100x800000000000000013780Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2025-07-17 10:59:45.072{E4B49A97-D7A1-6878-7904-00000000EE03}4084C:\Windows\System32\mstsc.exe10.0.14393.4169 (rs1_release.210107-1130)Remote Desktop ConnectionMicrosoft® Windows® Operating SystemMicrosoft Corporationmstsc.exemstsc /v:10.0.1.15 /admin /f /promptC:\Temp\ATTACKRANGE\Administrator{E4B49A97-B620-6878-C041-040000000000}0x441c02HighMD5=4CDEF06648D9EBBD838902C7CACBE93C,SHA256=039EA156489734B5822B6A5B44B3F4FF06706D6F91D491477D7AB710009D2CB9,IMPHASH=625CC0C39AF8D5F649C939225D424264{E4B49A97-D773-6878-5C04-00000000EE03}4736C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Temp"ATTACKRANGE\Administrator 154100x800000000000000013756Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2025-07-17 10:59:35.150{E4B49A97-D797-6878-7304-00000000EE03}956C:\Windows\System32\mstsc.exe10.0.14393.4169 (rs1_release.210107-1130)Remote Desktop ConnectionMicrosoft® Windows® Operating SystemMicrosoft Corporationmstsc.exemstsc /v:10.0.1.15 /admin /f /promptC:\Temp\ATTACKRANGE\Administrator{E4B49A97-B620-6878-C041-040000000000}0x441c02HighMD5=4CDEF06648D9EBBD838902C7CACBE93C,SHA256=039EA156489734B5822B6A5B44B3F4FF06706D6F91D491477D7AB710009D2CB9,IMPHASH=625CC0C39AF8D5F649C939225D424264{E4B49A97-D773-6878-5C04-00000000EE03}4736C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Temp"ATTACKRANGE\Administrator 154100x800000000000000013682Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2025-07-17 10:59:03.889{E4B49A97-D777-6878-6204-00000000EE03}6876C:\Windows\System32\mstsc.exe10.0.14393.4169 (rs1_release.210107-1130)Remote Desktop ConnectionMicrosoft® Windows® Operating SystemMicrosoft Corporationmstsc.exemstsc /v:10.0.1.15 /admin /f /promptC:\Temp\ATTACKRANGE\Administrator{E4B49A97-B620-6878-C041-040000000000}0x441c02HighMD5=4CDEF06648D9EBBD838902C7CACBE93C,SHA256=039EA156489734B5822B6A5B44B3F4FF06706D6F91D491477D7AB710009D2CB9,IMPHASH=625CC0C39AF8D5F649C939225D424264{E4B49A97-D773-6878-5C04-00000000EE03}4736C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Temp"ATTACKRANGE\Administrator