154100x800000000000000073922Microsoft-Windows-Sysmon/OperationalEC2AMAZ-8HFGKTD-2026-02-25 09:26:18.447{cf0731c2-c03a-699e-8cd5-000000005702}2344C:\Windows\System32\wbem\WMIC.exe10.0.20348.2849 (WinBuild.160101.0800)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic path win32_VideoController get nameC:\Users\Public\EC2AMAZ-8HFGKTD\Administrator{cf0731c2-34e1-6997-0e14-0a0000000000}0xa140e2HighMD5=2F0740DFF1F664DBCB3C0D4025FD1BE5,SHA256=24BF26349E8947F05AAF6A7FAC826C98084876CC17F369FA9B95861A361D4A97,IMPHASH=16A48C3CABF98A9DC1BF02C07FE1EA00{cf0731c2-c03a-699e-8ad5-000000005702}4220C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"EC2AMAZ-8HFGKTD\Administrator 154100x800000000000000073921Microsoft-Windows-Sysmon/OperationalEC2AMAZ-8HFGKTD-2026-02-25 09:26:18.395{cf0731c2-c03a-699e-8ad5-000000005702}4220C:\Windows\System32\cmd.exe10.0.20348.4647 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"C:\Users\Public\EC2AMAZ-8HFGKTD\Administrator{cf0731c2-34e1-6997-0e14-0a0000000000}0xa140e2HighMD5=F63068E624FE6B82058AAAA671D4BC96,SHA256=90D120880614E1E2A94067BAAD1454B09E2BE7A9DA51B71E33C247077D9F9538,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{cf0731c2-c030-699e-64d5-000000005702}6592C:\Users\Public\blank-grabber.exe"C:\Users\Public\blank-grabber.exe" EC2AMAZ-8HFGKTD\Administrator 154100x800000000000000073917Microsoft-Windows-Sysmon/OperationalEC2AMAZ-8HFGKTD-2026-02-25 09:26:17.814{cf0731c2-c039-699e-86d5-000000005702}5432C:\Windows\System32\wbem\WMIC.exe10.0.20348.2849 (WinBuild.160101.0800)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic csproduct get uuidC:\Users\Public\EC2AMAZ-8HFGKTD\Administrator{cf0731c2-34e1-6997-0e14-0a0000000000}0xa140e2HighMD5=2F0740DFF1F664DBCB3C0D4025FD1BE5,SHA256=24BF26349E8947F05AAF6A7FAC826C98084876CC17F369FA9B95861A361D4A97,IMPHASH=16A48C3CABF98A9DC1BF02C07FE1EA00{cf0731c2-c039-699e-84d5-000000005702}5308C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"EC2AMAZ-8HFGKTD\Administrator 154100x800000000000000073916Microsoft-Windows-Sysmon/OperationalEC2AMAZ-8HFGKTD-2026-02-25 09:26:17.767{cf0731c2-c039-699e-84d5-000000005702}5308C:\Windows\System32\cmd.exe10.0.20348.4647 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"C:\Users\Public\EC2AMAZ-8HFGKTD\Administrator{cf0731c2-34e1-6997-0e14-0a0000000000}0xa140e2HighMD5=F63068E624FE6B82058AAAA671D4BC96,SHA256=90D120880614E1E2A94067BAAD1454B09E2BE7A9DA51B71E33C247077D9F9538,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{cf0731c2-c030-699e-64d5-000000005702}6592C:\Users\Public\blank-grabber.exe"C:\Users\Public\blank-grabber.exe" EC2AMAZ-8HFGKTD\Administrator 154100x800000000000000073915Microsoft-Windows-Sysmon/OperationalEC2AMAZ-8HFGKTD-2026-02-25 09:26:17.674{cf0731c2-c039-699e-83d5-000000005702}6768C:\Windows\System32\wbem\WMIC.exe10.0.20348.2849 (WinBuild.160101.0800)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic computersystem get totalphysicalmemoryC:\Users\Public\EC2AMAZ-8HFGKTD\Administrator{cf0731c2-34e1-6997-0e14-0a0000000000}0xa140e2HighMD5=2F0740DFF1F664DBCB3C0D4025FD1BE5,SHA256=24BF26349E8947F05AAF6A7FAC826C98084876CC17F369FA9B95861A361D4A97,IMPHASH=16A48C3CABF98A9DC1BF02C07FE1EA00{cf0731c2-c039-699e-81d5-000000005702}2076C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"EC2AMAZ-8HFGKTD\Administrator 154100x800000000000000073914Microsoft-Windows-Sysmon/OperationalEC2AMAZ-8HFGKTD-2026-02-25 09:26:17.618{cf0731c2-c039-699e-81d5-000000005702}2076C:\Windows\System32\cmd.exe10.0.20348.4647 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"C:\Users\Public\EC2AMAZ-8HFGKTD\Administrator{cf0731c2-34e1-6997-0e14-0a0000000000}0xa140e2HighMD5=F63068E624FE6B82058AAAA671D4BC96,SHA256=90D120880614E1E2A94067BAAD1454B09E2BE7A9DA51B71E33C247077D9F9538,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{cf0731c2-c030-699e-64d5-000000005702}6592C:\Users\Public\blank-grabber.exe"C:\Users\Public\blank-grabber.exe" EC2AMAZ-8HFGKTD\Administrator 154100x800000000000000073913Microsoft-Windows-Sysmon/OperationalEC2AMAZ-8HFGKTD-2026-02-25 09:26:17.521{cf0731c2-c039-699e-80d5-000000005702}7180C:\Windows\System32\wbem\WMIC.exe10.0.20348.2849 (WinBuild.160101.0800)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic os get CaptionC:\Users\Public\EC2AMAZ-8HFGKTD\Administrator{cf0731c2-34e1-6997-0e14-0a0000000000}0xa140e2HighMD5=2F0740DFF1F664DBCB3C0D4025FD1BE5,SHA256=24BF26349E8947F05AAF6A7FAC826C98084876CC17F369FA9B95861A361D4A97,IMPHASH=16A48C3CABF98A9DC1BF02C07FE1EA00{cf0731c2-c039-699e-7ed5-000000005702}4788C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "wmic os get Caption"EC2AMAZ-8HFGKTD\Administrator 154100x800000000000000073912Microsoft-Windows-Sysmon/OperationalEC2AMAZ-8HFGKTD-2026-02-25 09:26:17.449{cf0731c2-c039-699e-7ed5-000000005702}4788C:\Windows\System32\cmd.exe10.0.20348.4647 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "wmic os get Caption"C:\Users\Public\EC2AMAZ-8HFGKTD\Administrator{cf0731c2-34e1-6997-0e14-0a0000000000}0xa140e2HighMD5=F63068E624FE6B82058AAAA671D4BC96,SHA256=90D120880614E1E2A94067BAAD1454B09E2BE7A9DA51B71E33C247077D9F9538,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{cf0731c2-c030-699e-64d5-000000005702}6592C:\Users\Public\blank-grabber.exe"C:\Users\Public\blank-grabber.exe" EC2AMAZ-8HFGKTD\Administrator