154100x8000000000000000218425Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-12-14 15:20:03.199{AE77D3C2-1D23-657B-FD03-000000003403}3484C:\Windows\System32\whoami.exe10.0.14393.0 (rs1_release.160715-1616)whoami - displays logged on user informationMicrosoft® Windows® Operating SystemMicrosoft Corporationwhoami.exewhoami /privC:\Temp\ATTACKRANGE\Administrator{AE77D3C2-0DF6-657B-AB3A-100000000000}0x103aab2HighMD5=AA1E17EA3DB5CD9D8BC061CAEC74C6E8,SHA256=8ECFFCCE38D4EE87ABAEE6CBE843D94D4F8FB98FAB3C356C7F6B70E60B10F88A,IMPHASH=E24E330FA9663CE77F2031CACAEB3DF9{AE77D3C2-1D0A-657B-F003-000000003403}4944C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Temp"ATTACKRANGE\Administrator 154100x8000000000000000218338Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-12-14 15:19:30.407{AE77D3C2-1D02-657B-EB03-000000003403}4880C:\Windows\System32\whoami.exe10.0.14393.0 (rs1_release.160715-1616)whoami - displays logged on user informationMicrosoft® Windows® Operating SystemMicrosoft Corporationwhoami.exewhoami /privC:\Temp\ATTACKRANGE\Administrator{AE77D3C2-0DF6-657B-AB3A-100000000000}0x103aab2HighMD5=AA1E17EA3DB5CD9D8BC061CAEC74C6E8,SHA256=8ECFFCCE38D4EE87ABAEE6CBE843D94D4F8FB98FAB3C356C7F6B70E60B10F88A,IMPHASH=E24E330FA9663CE77F2031CACAEB3DF9{AE77D3C2-1CEC-657B-E203-000000003403}3956C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Temp\svr.bat" "ATTACKRANGE\Administrator