10341000x800000000000000015277618Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:05:20.877{0F9A6540-EDFF-63F4-3C00-00000000C102}34766480C:\Windows\system32\wbem\wmiprvse.exe{0F9A6540-4020-63F5-B809-00000000C102}5940c:\windows\system32\notepad.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+11b6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c144|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015277617Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:05:20.877{0F9A6540-EDFF-63F4-3C00-00000000C102}34766480C:\Windows\system32\wbem\wmiprvse.exe{0F9A6540-4020-63F5-B809-00000000C102}5940c:\windows\system32\notepad.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+11b6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c144|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015277565Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:05:20.877{0F9A6540-EDEA-63F4-0B00-00000000C102}676872C:\Windows\system32\lsass.exe{0F9A6540-4020-63F5-B809-00000000C102}5940c:\windows\system32\notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\lsasrv.dll+77ccc|C:\Windows\system32\lsasrv.dll+e79f4|C:\Windows\System32\RPCRT4.dll+7b183|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+538bc|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 824800x800000000000000015277473Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:05:20.685{0F9A6540-3D66-63F5-5C09-00000000C102}6596C:\Users\Administrator\Downloads\ILL_UNBLINKING.exe{0F9A6540-4020-63F5-B809-00000000C102}5940C:\Windows\System32\notepad.exe69120x0000017DACD70000-- 10341000x800000000000000015277470Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:05:20.684{0F9A6540-3D66-63F5-5C09-00000000C102}65965568C:\Users\Administrator\Downloads\ILL_UNBLINKING.exe{0F9A6540-4020-63F5-B809-00000000C102}5940c:\windows\system32\notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Users\Administrator\Downloads\ILL_UNBLINKING.exe+5d19e 10341000x800000000000000015277467Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:05:20.683{0F9A6540-FC4B-63F4-4302-00000000C102}46603084C:\Windows\system32\csrss.exe{0F9A6540-4020-63F5-B809-00000000C102}5940c:\windows\system32\notepad.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000015277466Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:05:20.683{0F9A6540-3D66-63F5-5C09-00000000C102}65965568C:\Users\Administrator\Downloads\ILL_UNBLINKING.exe{0F9A6540-4020-63F5-B809-00000000C102}5940c:\windows\system32\notepad.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7424|C:\Windows\System32\KERNELBASE.dll+24890|C:\Windows\System32\KERNELBASE.dll+22e56|C:\Windows\System32\KERNEL32.DLL+1c373|C:\Users\Administrator\Downloads\ILL_UNBLINKING.exe+5d19e 154100x800000000000000015277465Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:05:20.682{0F9A6540-4020-63F5-B809-00000000C102}5940C:\Windows\System32\notepad.exe10.0.14393.4169 (rs1_release.210107-1130)NotepadMicrosoft® Windows® Operating SystemMicrosoft CorporationNOTEPAD.EXEc:\windows\system32\notepad.exe ""C:\Users\Administrator\Downloads\ATTACKRANGE\Administrator{0F9A6540-FC4D-63F4-EFF2-260000000000}0x26f2ef2MediumMD5=BA78FCF8CA9D806C6C047357E31748DE,SHA256=34A07759492E31AEC2A009505FE8DFB50242375C4308AD4657B2872F4F75A077,IMPHASH=968239BE2020F1C0DAFFDCDBD49E9C82{0F9A6540-3D66-63F5-5C09-00000000C102}6596C:\Users\Administrator\Downloads\ILL_UNBLINKING.exe"C:\Users\Administrator\Downloads\ILL_UNBLINKING.exe" 10341000x800000000000000015277464Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:05:20.682{0F9A6540-EDED-63F4-1000-00000000C102}4686648C:\Windows\System32\svchost.exe{0F9A6540-4020-63F5-B809-00000000C102}5940c:\windows\system32\notepad.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015276072Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:03:00.898{0F9A6540-EDFF-63F4-3C00-00000000C102}34766480C:\Windows\system32\wbem\wmiprvse.exe{0F9A6540-3F94-63F5-A709-00000000C102}5480c:\windows\system32\notepad.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+11b6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c144|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015276071Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:03:00.898{0F9A6540-EDFF-63F4-3C00-00000000C102}34766480C:\Windows\system32\wbem\wmiprvse.exe{0F9A6540-3F94-63F5-A709-00000000C102}5480c:\windows\system32\notepad.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+11b6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c144|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015276008Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:03:00.875{0F9A6540-EDEA-63F4-0B00-00000000C102}676796C:\Windows\system32\lsass.exe{0F9A6540-3F94-63F5-A709-00000000C102}5480c:\windows\system32\notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\lsasrv.dll+77ccc|C:\Windows\system32\lsasrv.dll+e79f4|C:\Windows\System32\RPCRT4.dll+7b183|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+538bc|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 824800x800000000000000015275935Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:03:00.651{0F9A6540-3D66-63F5-5C09-00000000C102}6596C:\Users\Administrator\Downloads\ILL_UNBLINKING.exe{0F9A6540-3F94-63F5-A709-00000000C102}5480C:\Windows\System32\notepad.exe10320x000002BB84710000-- 10341000x800000000000000015275934Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:03:00.651{0F9A6540-3D66-63F5-5C09-00000000C102}65965932C:\Users\Administrator\Downloads\ILL_UNBLINKING.exe{0F9A6540-3F94-63F5-A709-00000000C102}5480c:\windows\system32\notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Users\Administrator\Downloads\ILL_UNBLINKING.exe+5d19e 10341000x800000000000000015275929Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:03:00.650{0F9A6540-FC4B-63F4-4302-00000000C102}46601704C:\Windows\system32\csrss.exe{0F9A6540-3F94-63F5-A709-00000000C102}5480c:\windows\system32\notepad.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000015275928Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:03:00.649{0F9A6540-3D66-63F5-5C09-00000000C102}65965932C:\Users\Administrator\Downloads\ILL_UNBLINKING.exe{0F9A6540-3F94-63F5-A709-00000000C102}5480c:\windows\system32\notepad.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7424|C:\Windows\System32\KERNELBASE.dll+24890|C:\Windows\System32\KERNELBASE.dll+22e56|C:\Windows\System32\KERNEL32.DLL+1c373|C:\Users\Administrator\Downloads\ILL_UNBLINKING.exe+5d19e 154100x800000000000000015275927Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:03:00.650{0F9A6540-3F94-63F5-A709-00000000C102}5480C:\Windows\System32\notepad.exe10.0.14393.4169 (rs1_release.210107-1130)NotepadMicrosoft® Windows® Operating SystemMicrosoft CorporationNOTEPAD.EXEc:\windows\system32\notepad.exe ""C:\Users\Administrator\Downloads\ATTACKRANGE\Administrator{0F9A6540-FC4D-63F4-EFF2-260000000000}0x26f2ef2MediumMD5=BA78FCF8CA9D806C6C047357E31748DE,SHA256=34A07759492E31AEC2A009505FE8DFB50242375C4308AD4657B2872F4F75A077,IMPHASH=968239BE2020F1C0DAFFDCDBD49E9C82{0F9A6540-3D66-63F5-5C09-00000000C102}6596C:\Users\Administrator\Downloads\ILL_UNBLINKING.exe"C:\Users\Administrator\Downloads\ILL_UNBLINKING.exe" 10341000x800000000000000015275926Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:03:00.649{0F9A6540-EDED-63F4-1000-00000000C102}4686648C:\Windows\System32\svchost.exe{0F9A6540-3F94-63F5-A709-00000000C102}5480c:\windows\system32\notepad.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015275732Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:02:31.052{0F9A6540-EDFE-63F4-3A00-00000000C102}23363804C:\Program Files\Aurora-Agent\aurora-agent.exe{0F9A6540-3F76-63F5-A609-00000000C102}6496c:\windows\system32\notepad.exe0x1010C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6a18(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(0000000012C80850) 10341000x800000000000000015275731Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:02:31.052{0F9A6540-EDFE-63F4-3A00-00000000C102}23363804C:\Program Files\Aurora-Agent\aurora-agent.exe{0F9A6540-3F76-63F5-A609-00000000C102}6496c:\windows\system32\notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6a18(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(0000000012C80850) 10341000x800000000000000015275730Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:02:31.052{0F9A6540-EDFE-63F4-3A00-00000000C102}23363804C:\Program Files\Aurora-Agent\aurora-agent.exe{0F9A6540-3F76-63F5-A609-00000000C102}6496c:\windows\system32\notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6a18(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(0000000012C80850) 10341000x800000000000000015275723Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:02:30.980{0F9A6540-EDFE-63F4-3A00-00000000C102}23363804C:\Program Files\Aurora-Agent\aurora-agent.exe{0F9A6540-3F76-63F5-A609-00000000C102}6496c:\windows\system32\notepad.exe0x1010C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6a18(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(0000000012C80850) 10341000x800000000000000015275722Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:02:30.980{0F9A6540-EDFE-63F4-3A00-00000000C102}23363804C:\Program Files\Aurora-Agent\aurora-agent.exe{0F9A6540-3F76-63F5-A609-00000000C102}6496c:\windows\system32\notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6a18(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(0000000012C80850) 10341000x800000000000000015275721Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:02:30.980{0F9A6540-EDFE-63F4-3A00-00000000C102}23363804C:\Program Files\Aurora-Agent\aurora-agent.exe{0F9A6540-3F76-63F5-A609-00000000C102}6496c:\windows\system32\notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6a18(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(0000000012C80850) 10341000x800000000000000015275720Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:02:30.964{0F9A6540-EDFF-63F4-3C00-00000000C102}34766480C:\Windows\system32\wbem\wmiprvse.exe{0F9A6540-3F76-63F5-A609-00000000C102}6496c:\windows\system32\notepad.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+3b59|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+414d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+d007|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+cb01|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2f5e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+27fe|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+11b6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c144|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015275719Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:02:30.964{0F9A6540-EDFF-63F4-3C00-00000000C102}34766480C:\Windows\system32\wbem\wmiprvse.exe{0F9A6540-3F76-63F5-A609-00000000C102}6496c:\windows\system32\notepad.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c669|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c71b|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2fde|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2b9e|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+2659|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+11b6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CorperfmonExt.dll+c144|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000015275608Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:02:30.955{0F9A6540-EDEA-63F4-0B00-00000000C102}676872C:\Windows\system32\lsass.exe{0F9A6540-3F76-63F5-A609-00000000C102}6496c:\windows\system32\notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\lsasrv.dll+77ccc|C:\Windows\system32\lsasrv.dll+e79f4|C:\Windows\System32\RPCRT4.dll+7b183|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+538bc|C:\Windows\System32\RPCRT4.dll+35824|C:\Windows\System32\RPCRT4.dll+3473d|C:\Windows\System32\RPCRT4.dll+34feb|C:\Windows\System32\RPCRT4.dll+20ddc|C:\Windows\System32\RPCRT4.dll+2125c|C:\Windows\System32\RPCRT4.dll+106bc|C:\Windows\System32\RPCRT4.dll+11f1b|C:\Windows\System32\RPCRT4.dll+1a50a|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 824800x800000000000000015275583Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:02:30.635{0F9A6540-3D66-63F5-5C09-00000000C102}6596C:\Users\Administrator\Downloads\ILL_UNBLINKING.exe{0F9A6540-3F76-63F5-A609-00000000C102}6496C:\Windows\System32\notepad.exe69520x00000195319B0000-- 10341000x800000000000000015275582Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:02:30.634{0F9A6540-3D66-63F5-5C09-00000000C102}65965916C:\Users\Administrator\Downloads\ILL_UNBLINKING.exe{0F9A6540-3F76-63F5-A609-00000000C102}6496c:\windows\system32\notepad.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Users\Administrator\Downloads\ILL_UNBLINKING.exe+5d19e 10341000x800000000000000015275578Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:02:30.626{0F9A6540-FC4B-63F4-4302-00000000C102}46603084C:\Windows\system32\csrss.exe{0F9A6540-3F76-63F5-A609-00000000C102}6496c:\windows\system32\notepad.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000015275576Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:02:30.625{0F9A6540-3D66-63F5-5C09-00000000C102}65965916C:\Users\Administrator\Downloads\ILL_UNBLINKING.exe{0F9A6540-3F76-63F5-A609-00000000C102}6496c:\windows\system32\notepad.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7424|C:\Windows\System32\KERNELBASE.dll+24890|C:\Windows\System32\KERNELBASE.dll+22e56|C:\Windows\System32\KERNEL32.DLL+1c373|C:\Users\Administrator\Downloads\ILL_UNBLINKING.exe+5d19e 154100x800000000000000015275575Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:02:30.619{0F9A6540-3F76-63F5-A609-00000000C102}6496C:\Windows\System32\notepad.exe10.0.14393.4169 (rs1_release.210107-1130)NotepadMicrosoft® Windows® Operating SystemMicrosoft CorporationNOTEPAD.EXEc:\windows\system32\notepad.exe ""C:\Users\Administrator\Downloads\ATTACKRANGE\Administrator{0F9A6540-FC4D-63F4-EFF2-260000000000}0x26f2ef2MediumMD5=BA78FCF8CA9D806C6C047357E31748DE,SHA256=34A07759492E31AEC2A009505FE8DFB50242375C4308AD4657B2872F4F75A077,IMPHASH=968239BE2020F1C0DAFFDCDBD49E9C82{0F9A6540-3D66-63F5-5C09-00000000C102}6596C:\Users\Administrator\Downloads\ILL_UNBLINKING.exe"C:\Users\Administrator\Downloads\ILL_UNBLINKING.exe" 10341000x800000000000000015275574Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-84.attackrange.local-2023-02-21 22:02:30.619{0F9A6540-EDED-63F4-1000-00000000C102}4686648C:\Windows\System32\svchost.exe{0F9A6540-3F76-63F5-A609-00000000C102}6496c:\windows\system32\notepad.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791