154100x80000000000000009084Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-06-07 10:29:48.304{EEF8DDCA-E11C-6662-7804-000000000B03}5164C:\Temp\debugger_dll_sideload\x32dbg.exe0.0.2.5x64dbgx64dbg--"C:\Temp\debugger_dll_sideload\x32dbg.exe" C:\Temp\debugger_dll_sideload\AR-WIN-2\Administrator{EEF8DDCA-BD06-6662-61CB-050000000000}0x5cb612HighMD5=62448D87739D5EE371FC3D960124A1C4,SHA256=6D65A8A6661504D389287B25CC6C1B321879EC10B60C47C2B3AACCF52F028BAE,IMPHASH=1998FE4CAB45B8BE9829BC474A106219{EEF8DDCA-BD08-6662-BB00-000000000B03}3704C:\Windows\explorer.exeC:\Windows\Explorer.EXEAR-WIN-2\Administrator
154100x80000000000000009036Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-06-07 10:29:39.504{EEF8DDCA-E113-6662-7704-000000000B03}296C:\Temp\debugger_dll_sideload\windbg.exe10.0.19041.685 (WinBuild.160101.0800)Windows GUI symbolic debuggerMicrosoft® Windows® Operating SystemMicrosoft Corporationwindbg.exe"C:\Temp\debugger_dll_sideload\windbg.exe" C:\Temp\debugger_dll_sideload\AR-WIN-2\Administrator{EEF8DDCA-BD06-6662-61CB-050000000000}0x5cb612HighMD5=04EC4F58A1F4A87B5EEB1F4B7AFC48E0,SHA256=BD1AF3DBA56B129E6C624297EEED40C898FA2981FCE5CAAFE467D88A748988A4,IMPHASH=CE2DF536539DE0880E2AEF4A9EE567FE{EEF8DDCA-BD08-6662-BB00-000000000B03}3704C:\Windows\explorer.exeC:\Windows\Explorer.EXEAR-WIN-2\Administrator
154100x80000000000000008941Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-06-07 10:14:41.503{EEF8DDCA-DD91-6662-2604-000000000B03}3608C:\Temp\debugger_dll_sideload\x32dbg.exe0.0.2.5x64dbgx64dbg--"C:\Temp\debugger_dll_sideload\x32dbg.exe" C:\Temp\debugger_dll_sideload\AR-WIN-2\Administrator{EEF8DDCA-BD06-6662-61CB-050000000000}0x5cb612HighMD5=62448D87739D5EE371FC3D960124A1C4,SHA256=6D65A8A6661504D389287B25CC6C1B321879EC10B60C47C2B3AACCF52F028BAE,IMPHASH=1998FE4CAB45B8BE9829BC474A106219{EEF8DDCA-BD08-6662-BB00-000000000B03}3704C:\Windows\explorer.exeC:\Windows\Explorer.EXEAR-WIN-2\Administrator
154100x80000000000000008939Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-06-07 10:14:33.238{EEF8DDCA-DD89-6662-2504-000000000B03}3452C:\Temp\debugger_dll_sideload\windbg.exe10.0.19041.685 (WinBuild.160101.0800)Windows GUI symbolic debuggerMicrosoft® Windows® Operating SystemMicrosoft Corporationwindbg.exe"C:\Temp\debugger_dll_sideload\windbg.exe" C:\Temp\debugger_dll_sideload\AR-WIN-2\Administrator{EEF8DDCA-BD06-6662-61CB-050000000000}0x5cb612HighMD5=04EC4F58A1F4A87B5EEB1F4B7AFC48E0,SHA256=BD1AF3DBA56B129E6C624297EEED40C898FA2981FCE5CAAFE467D88A748988A4,IMPHASH=CE2DF536539DE0880E2AEF4A9EE567FE{EEF8DDCA-BD08-6662-BB00-000000000B03}3704C:\Windows\explorer.exeC:\Windows\Explorer.EXEAR-WIN-2\Administrator
154100x80000000000000008934Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-06-07 10:14:22.144{EEF8DDCA-DD7E-6662-2404-000000000B03}5672C:\Program Files\7-Zip\7zG.exe23.017-Zip GUI7-ZipIgor Pavlov7zg.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Temp\debugger_dll_sideload\" -spe -an -ai#7zMap25721:68:7zEvent4388C:\Windows\system32\AR-WIN-2\Administrator{EEF8DDCA-BD06-6662-61CB-050000000000}0x5cb612HighMD5=50F289DF0C19484E970849AAC4E6F977,SHA256=B9B179B305C5268AD428B6AE59DE10B4FE99CF0199BBC89B7017181905E97305,IMPHASH=7EBAF00A83F50FA60B7701670F4A8B19{EEF8DDCA-BD08-6662-BB00-000000000B03}3704C:\Windows\explorer.exeC:\Windows\Explorer.EXEAR-WIN-2\Administrator