154100x800000000000000022206602Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-139.attackrange.local-2022-02-09 17:31:58.360{834264DD-FA8E-6203-DCFD-020000002702}6668C:\Windows\SysWOW64\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C net1 localgroupC:\Windows\system32\ATTACKRANGE\Administrator{834264DD-DB10-61EA-4958-090000000000}0x958490HighMD5=0FEC5F30E705EADAEA5E9144F2FB12DC,SHA256=614CA7B627533E22AA3E5C3594605DC6FE6F000B0CC2B845ECE47CA60673EC7F{834264DD-F1F7-6203-CAFC-020000002702}11092C:\Windows\System32\msra.exe"C:\Windows\System32\msra.exe" ATTACKRANGE\Administrator 154100x800000000000000022206497Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-139.attackrange.local-2022-02-09 17:31:58.275{834264DD-FA8E-6203-D9FD-020000002702}9844C:\Windows\SysWOW64\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C route printC:\Windows\system32\ATTACKRANGE\Administrator{834264DD-DB10-61EA-4958-090000000000}0x958490HighMD5=0FEC5F30E705EADAEA5E9144F2FB12DC,SHA256=614CA7B627533E22AA3E5C3594605DC6FE6F000B0CC2B845ECE47CA60673EC7F{834264DD-F1F7-6203-CAFC-020000002702}11092C:\Windows\System32\msra.exe"C:\Windows\System32\msra.exe" ATTACKRANGE\Administrator 154100x800000000000000022204859Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-139.attackrange.local-2022-02-09 17:31:45.745{834264DD-FA81-6203-D5FD-020000002702}10260C:\Windows\SysWOW64\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C nslookup -querytype=ALL -timeout=10 _ldap._tcp.dc._msdcs.example.comC:\Windows\system32\ATTACKRANGE\Administrator{834264DD-DB10-61EA-4958-090000000000}0x958490HighMD5=0FEC5F30E705EADAEA5E9144F2FB12DC,SHA256=614CA7B627533E22AA3E5C3594605DC6FE6F000B0CC2B845ECE47CA60673EC7F{834264DD-F1F7-6203-CAFC-020000002702}11092C:\Windows\System32\msra.exe"C:\Windows\System32\msra.exe" ATTACKRANGE\Administrator 154100x800000000000000022203624Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-139.attackrange.local-2022-02-09 17:31:36.956{834264DD-FA78-6203-D2FD-020000002702}7288C:\Windows\SysWOW64\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C arp -aC:\Windows\system32\ATTACKRANGE\Administrator{834264DD-DB10-61EA-4958-090000000000}0x958490HighMD5=0FEC5F30E705EADAEA5E9144F2FB12DC,SHA256=614CA7B627533E22AA3E5C3594605DC6FE6F000B0CC2B845ECE47CA60673EC7F{834264DD-F1F7-6203-CAFC-020000002702}11092C:\Windows\System32\msra.exe"C:\Windows\System32\msra.exe" ATTACKRANGE\Administrator 154100x800000000000000022200442Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-139.attackrange.local-2022-02-09 17:31:12.318{834264DD-FA60-6203-CFFD-020000002702}10700C:\Windows\SysWOW64\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C whoami /allC:\Windows\system32\ATTACKRANGE\Administrator{834264DD-DB10-61EA-4958-090000000000}0x958490HighMD5=0FEC5F30E705EADAEA5E9144F2FB12DC,SHA256=614CA7B627533E22AA3E5C3594605DC6FE6F000B0CC2B845ECE47CA60673EC7F{834264DD-F1F7-6203-CAFC-020000002702}11092C:\Windows\System32\msra.exe"C:\Windows\System32\msra.exe" ATTACKRANGE\Administrator 154100x800000000000000021965053Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-139.attackrange.local-2022-02-09 16:59:35.979{834264DD-F2F7-6203-E9FC-020000002702}3588C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C whoamiC:\Windows\system32\ATTACKRANGE\Administrator{834264DD-DB10-61EA-4958-090000000000}0x958492HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{834264DD-F1F7-6203-CAFC-020000002702}11092C:\Windows\System32\msra.exe"C:\Windows\System32\msra.exe" ATTACKRANGE\Administrator 154100x800000000000000021931406Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-139.attackrange.local-2022-02-09 16:55:19.311{834264DD-F1F7-6203-CAFC-020000002702}11092C:\Windows\System32\msra.exe10.0.14393.4530 (rs1_release.210705-0736)Windows Remote AssistanceMicrosoft® Windows® Operating SystemMicrosoft Corporationmsra.exe"C:\Windows\System32\msra.exe" C:\Windows\system32\ATTACKRANGE\Administrator{834264DD-DB10-61EA-4958-090000000000}0x958492HighMD5=366973E09A53E5D97CEEAB107BE2AE74,SHA256=1B85C9FCABD797E34B73F55793F79B4B3C3621883685EA0572445A93B6D95005{834264DD-DB10-61EA-8D00-000000002702}4820C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -EmbeddingATTACKRANGE\Administrator 154100x800000000000000021930944Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-139.attackrange.local-2022-02-09 16:55:19.095{834264DD-F1F7-6203-C7FC-020000002702}8732C:\Windows\System32\msra.exe10.0.14393.4530 (rs1_release.210705-0736)Windows Remote AssistanceMicrosoft® Windows® Operating SystemMicrosoft Corporationmsra.exe"C:\Windows\System32\msra.exe" C:\Windows\system32\ATTACKRANGE\Administrator{834264DD-DB10-61EA-4958-090000000000}0x958492HighMD5=366973E09A53E5D97CEEAB107BE2AE74,SHA256=1B85C9FCABD797E34B73F55793F79B4B3C3621883685EA0572445A93B6D95005{834264DD-DB10-61EA-8D00-000000002702}4820C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -EmbeddingATTACKRANGE\Administrator