11241100x800000000000000064985Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.642{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table100.xls2021-12-08 13:55:00.642 11241100x800000000000000064984Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.642{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table99.xls2021-12-08 13:55:00.626 11241100x800000000000000064983Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.626{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table98.xls2021-12-08 13:55:00.626 11241100x800000000000000064982Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.626{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table97.xls2021-12-08 13:55:00.626 11241100x800000000000000064981Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.626{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table96.xls2021-12-08 13:55:00.626 11241100x800000000000000064980Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.626{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table95.xls2021-12-08 13:55:00.626 11241100x800000000000000064979Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.626{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table94.xls2021-12-08 13:55:00.626 11241100x800000000000000064978Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.626{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table93.xls2021-12-08 13:55:00.626 11241100x800000000000000064977Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.626{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table92.xls2021-12-08 13:55:00.626 11241100x800000000000000064976Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.626{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table91.xls2021-12-08 13:55:00.611 11241100x800000000000000064975Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.611{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table90.xls2021-12-08 13:55:00.611 11241100x800000000000000064974Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.611{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table89.xls2021-12-08 13:55:00.611 11241100x800000000000000064973Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.611{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table88.xls2021-12-08 13:55:00.611 11241100x800000000000000064972Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.611{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table87.xls2021-12-08 13:55:00.611 11241100x800000000000000064971Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.611{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table86.xls2021-12-08 13:55:00.598 11241100x800000000000000064970Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.598{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table85.xls2021-12-08 13:55:00.598 11241100x800000000000000064969Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.598{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table84.xls2021-12-08 13:55:00.598 11241100x800000000000000064968Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.598{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table83.xls2021-12-08 13:55:00.598 11241100x800000000000000064967Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.598{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table82.xls2021-12-08 13:55:00.598 11241100x800000000000000064966Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.598{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table81.xls2021-12-08 13:55:00.598 11241100x800000000000000064965Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.598{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table80.xls2021-12-08 13:55:00.598 11241100x800000000000000064964Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.598{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table79.xls2021-12-08 13:55:00.598 11241100x800000000000000064963Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.565{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table78.xls2021-12-08 13:55:00.565 11241100x800000000000000064962Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.565{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table77.xls2021-12-08 13:55:00.565 11241100x800000000000000064961Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.565{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table76.xls2021-12-08 13:55:00.565 11241100x800000000000000064960Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.565{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table75.xls2021-12-08 13:55:00.565 11241100x800000000000000064959Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.565{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table74.xls2021-12-08 13:55:00.565 11241100x800000000000000064958Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.565{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table73.xls2021-12-08 13:55:00.565 11241100x800000000000000064957Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.565{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table72.xls2021-12-08 13:55:00.565 11241100x800000000000000064956Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.565{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table71.xls2021-12-08 13:55:00.548 11241100x800000000000000064955Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.548{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table70.xls2021-12-08 13:55:00.548 11241100x800000000000000064954Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.548{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table69.xls2021-12-08 13:55:00.548 11241100x800000000000000064953Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.548{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table68.xls2021-12-08 13:55:00.548 11241100x800000000000000064952Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.548{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table67.xls2021-12-08 13:55:00.548 11241100x800000000000000064951Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.548{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table66.xls2021-12-08 13:55:00.548 11241100x800000000000000064950Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.548{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table65.xls2021-12-08 13:55:00.548 11241100x800000000000000064949Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.533{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table64.xls2021-12-08 13:55:00.533 11241100x800000000000000064948Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.533{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table63.xls2021-12-08 13:55:00.533 11241100x800000000000000064947Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.533{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table62.xls2021-12-08 13:55:00.533 11241100x800000000000000064946Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.533{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table61.xls2021-12-08 13:55:00.533 11241100x800000000000000064945Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.533{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table60.xls2021-12-08 13:55:00.533 11241100x800000000000000064944Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.533{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table59.xls2021-12-08 13:55:00.533 11241100x800000000000000064943Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.533{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table58.xls2021-12-08 13:55:00.533 11241100x800000000000000064942Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.533{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table57.xls2021-12-08 13:55:00.533 11241100x800000000000000064941Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.533{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table56.xls2021-12-08 13:55:00.533 11241100x800000000000000064940Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.517{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table55.xls2021-12-08 13:55:00.517 11241100x800000000000000064939Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.517{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table54.xls2021-12-08 13:55:00.517 11241100x800000000000000064938Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.517{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table53.xls2021-12-08 13:55:00.517 11241100x800000000000000064937Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.517{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table52.xls2021-12-08 13:55:00.517 11241100x800000000000000064936Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.517{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table51.xls2021-12-08 13:55:00.517 11241100x800000000000000064935Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.501{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table50.xls2021-12-08 13:55:00.501 11241100x800000000000000064934Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.501{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table49.xls2021-12-08 13:55:00.501 11241100x800000000000000064933Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.501{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table48.xls2021-12-08 13:55:00.501 11241100x800000000000000064932Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.501{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table47.xls2021-12-08 13:55:00.501 11241100x800000000000000064931Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.501{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table46.xls2021-12-08 13:55:00.501 11241100x800000000000000064930Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.501{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table45.xls2021-12-08 13:55:00.501 11241100x800000000000000064929Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.501{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table44.xls2021-12-08 13:55:00.501 11241100x800000000000000064928Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.501{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table43.xls2021-12-08 13:55:00.501 11241100x800000000000000064927Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.501{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table42.xls2021-12-08 13:55:00.501 11241100x800000000000000064926Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.501{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table41.xls2021-12-08 13:55:00.501 11241100x800000000000000064925Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.501{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table40.xls2021-12-08 13:55:00.487 11241100x800000000000000064924Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.487{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table39.xls2021-12-08 13:55:00.487 11241100x800000000000000064923Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.470{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table38.xls2021-12-08 13:55:00.470 11241100x800000000000000064922Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.470{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table37.xls2021-12-08 13:55:00.470 11241100x800000000000000064921Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.470{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table36.xls2021-12-08 13:55:00.470 11241100x800000000000000064920Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.470{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table35.xls2021-12-08 13:55:00.470 11241100x800000000000000064919Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.470{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table34.xls2021-12-08 13:55:00.470 11241100x800000000000000064918Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.470{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table33.xls2021-12-08 13:55:00.470 11241100x800000000000000064917Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.470{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table32.xls2021-12-08 13:55:00.470 11241100x800000000000000064916Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.455{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table31.xls2021-12-08 13:55:00.455 11241100x800000000000000064915Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.455{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table30.xls2021-12-08 13:55:00.455 11241100x800000000000000064914Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.455{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table29.xls2021-12-08 13:55:00.455 11241100x800000000000000064913Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.455{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table28.xls2021-12-08 13:55:00.455 11241100x800000000000000064912Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.455{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table27.xls2021-12-08 13:55:00.455 11241100x800000000000000064911Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.455{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table26.xls2021-12-08 13:55:00.455 11241100x800000000000000064910Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.455{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table25.xls2021-12-08 13:55:00.455 11241100x800000000000000064909Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.439{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table24.xls2021-12-08 13:55:00.439 11241100x800000000000000064908Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.439{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table23.xls2021-12-08 13:55:00.439 11241100x800000000000000064907Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.439{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table22.xls2021-12-08 13:55:00.439 11241100x800000000000000064906Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.439{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table21.xls2021-12-08 13:55:00.439 11241100x800000000000000064905Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.439{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table20.xls2021-12-08 13:55:00.439 11241100x800000000000000064904Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.439{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table19.xls2021-12-08 13:55:00.439 11241100x800000000000000064903Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.439{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table18.xls2021-12-08 13:55:00.439 11241100x800000000000000064902Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.439{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table17.xls2021-12-08 13:55:00.439 11241100x800000000000000064901Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.439{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table16.xls2021-12-08 13:55:00.439 11241100x800000000000000064900Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.439{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table15.xls2021-12-08 13:55:00.439 11241100x800000000000000064899Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.439{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table14.xls2021-12-08 13:55:00.439 11241100x800000000000000064898Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.439{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table13.xls2021-12-08 13:55:00.439 11241100x800000000000000064897Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.439{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table12.xls2021-12-08 13:55:00.439 11241100x800000000000000064896Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.439{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table11.xls2021-12-08 13:55:00.439 11241100x800000000000000064895Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.439{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table10.xls2021-12-08 13:55:00.439 11241100x800000000000000064894Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.423{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table9.xls2021-12-08 13:55:00.423 11241100x800000000000000064893Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.423{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table8.xls2021-12-08 13:55:00.423 11241100x800000000000000064892Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.423{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table7.xls2021-12-08 13:55:00.423 11241100x800000000000000064891Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.423{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table6.xls2021-12-08 13:55:00.423 11241100x800000000000000064890Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.423{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table5.xls2021-12-08 13:55:00.423 11241100x800000000000000064889Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.423{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table4.xls2021-12-08 13:55:00.423 11241100x800000000000000064888Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.423{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table3.xls2021-12-08 13:55:00.423 11241100x800000000000000064887Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.423{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table2.xls2021-12-08 13:55:00.423 11241100x800000000000000064886Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.423{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table1.xls2021-12-08 13:55:00.423 11241100x800000000000000064885Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:55:00.423{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table0.xls2021-12-08 13:55:00.423 11241100x800000000000000064658Microsoft-Windows-Sysmon/Operationalwin-dc-575.attackrange.localDownloads2021-12-08 13:53:45.720{FECD73D5-B8BA-61B0-A10A-000000000E02}1060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\Downloads\table.xls2021-12-08 13:53:45.720