154100x8000000000000000218993Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-12-14 15:24:37.265{AE77D3C2-1E35-657B-1604-000000003403}4584C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{AE77D3C2-FEF1-657A-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{AE77D3C2-0049-657B-8E00-000000003403}1328C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000218992Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-12-14 15:24:37.211{AE77D3C2-1E35-657B-1504-000000003403}3428C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{AE77D3C2-FEF1-657A-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{AE77D3C2-0049-657B-8E00-000000003403}1328C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000218989Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-12-14 15:24:37.155{AE77D3C2-1E35-657B-1404-000000003403}4976C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{AE77D3C2-FEF1-657A-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{AE77D3C2-0049-657B-8E00-000000003403}1328C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000218988Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-12-14 15:24:37.072{AE77D3C2-1E35-657B-1204-000000003403}2116C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{AE77D3C2-FEF1-657A-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{AE77D3C2-0049-657B-8E00-000000003403}1328C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000164519Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-12-14 15:22:00.328{C429ADC8-1D98-657B-EE03-000000003403}4976C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C429ADC8-FEF3-657A-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C429ADC8-004A-657B-8F00-000000003403}616C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000164518Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-12-14 15:22:00.241{C429ADC8-1D98-657B-ED03-000000003403}5032C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C429ADC8-FEF3-657A-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C429ADC8-004A-657B-8F00-000000003403}616C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000164517Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-12-14 15:22:00.161{C429ADC8-1D98-657B-EC03-000000003403}4268C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C429ADC8-FEF3-657A-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C429ADC8-004A-657B-8F00-000000003403}616C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000164516Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-12-14 15:21:59.980{C429ADC8-1D97-657B-EA03-000000003403}4132C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C429ADC8-FEF3-657A-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C429ADC8-004A-657B-8F00-000000003403}616C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000218420Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-12-14 15:20:03.109{AE77D3C2-1D23-657B-FA03-000000003403}3956C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic /node:"18.190.133.215" /user:admin /password:administrator┬áprocess list briefC:\Temp\ATTACKRANGE\Administrator{AE77D3C2-0DF6-657B-AB3A-100000000000}0x103aab2HighMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{AE77D3C2-1D0A-657B-F003-000000003403}4944C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Temp"ATTACKRANGE\Administrator 154100x8000000000000000218419Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-12-14 15:20:03.000{AE77D3C2-1D23-657B-F903-000000003403}4516C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic process 528 get commandlineC:\Temp\ATTACKRANGE\Administrator{AE77D3C2-0DF6-657B-AB3A-100000000000}0x103aab2HighMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{AE77D3C2-1D0A-657B-F003-000000003403}4944C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Temp"ATTACKRANGE\Administrator 154100x8000000000000000218418Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-12-14 15:20:02.853{AE77D3C2-1D22-657B-F803-000000003403}3564C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic process get commandline -allC:\Temp\ATTACKRANGE\Administrator{AE77D3C2-0DF6-657B-AB3A-100000000000}0x103aab2HighMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{AE77D3C2-1D0A-657B-F003-000000003403}4944C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Temp"ATTACKRANGE\Administrator 154100x8000000000000000218370Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-12-14 15:19:41.774{AE77D3C2-1D0D-657B-F203-000000003403}4584C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic /node:"18.190.133.215" process list briefC:\Temp\ATTACKRANGE\Administrator{AE77D3C2-0DF6-657B-AB3A-100000000000}0x103aab2HighMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{AE77D3C2-1D0A-657B-F003-000000003403}4944C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Temp"ATTACKRANGE\Administrator 154100x8000000000000000218357Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-12-14 15:19:37.271{AE77D3C2-1D09-657B-EF03-000000003403}4236C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{AE77D3C2-FEF1-657A-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{AE77D3C2-0049-657B-8E00-000000003403}1328C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000218356Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-12-14 15:19:37.219{AE77D3C2-1D09-657B-EE03-000000003403}1692C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{AE77D3C2-FEF1-657A-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{AE77D3C2-0049-657B-8E00-000000003403}1328C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000218355Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-12-14 15:19:37.162{AE77D3C2-1D09-657B-ED03-000000003403}5032C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{AE77D3C2-FEF1-657A-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{AE77D3C2-0049-657B-8E00-000000003403}1328C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000218354Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-12-14 15:19:37.070{AE77D3C2-1D09-657B-EC03-000000003403}2348C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{AE77D3C2-FEF1-657A-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{AE77D3C2-0049-657B-8E00-000000003403}1328C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000218333Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-12-14 15:19:30.329{AE77D3C2-1D02-657B-E803-000000003403}4152C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic /node:"18.190.133.215" /user:admin /password:administrator┬áprocess list briefC:\Temp\ATTACKRANGE\Administrator{AE77D3C2-0DF6-657B-AB3A-100000000000}0x103aab2HighMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{AE77D3C2-1CEC-657B-E203-000000003403}3956C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Temp\svr.bat" "ATTACKRANGE\Administrator 154100x8000000000000000218332Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-12-14 15:19:30.241{AE77D3C2-1D02-657B-E703-000000003403}3980C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic process 528 get commandlineC:\Temp\ATTACKRANGE\Administrator{AE77D3C2-0DF6-657B-AB3A-100000000000}0x103aab2HighMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{AE77D3C2-1CEC-657B-E203-000000003403}3956C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Temp\svr.bat" "ATTACKRANGE\Administrator 154100x8000000000000000218331Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-12-14 15:19:30.073{AE77D3C2-1D02-657B-E503-000000003403}3092C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic process get commandline -allC:\Temp\ATTACKRANGE\Administrator{AE77D3C2-0DF6-657B-AB3A-100000000000}0x103aab2HighMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{AE77D3C2-1CEC-657B-E203-000000003403}3956C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Temp\svr.bat" "ATTACKRANGE\Administrator 154100x8000000000000000218288Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-12-14 15:19:08.923{AE77D3C2-1CEC-657B-E403-000000003403}3572C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic /node:"18.190.133.215" process list briefC:\Temp\ATTACKRANGE\Administrator{AE77D3C2-0DF6-657B-AB3A-100000000000}0x103aab2HighMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{AE77D3C2-1CEC-657B-E203-000000003403}3956C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Temp\svr.bat" "ATTACKRANGE\Administrator 154100x8000000000000000164443Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-12-14 15:17:00.379{C429ADC8-1C6C-657B-D003-000000003403}4560C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C429ADC8-FEF3-657A-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C429ADC8-004A-657B-8F00-000000003403}616C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000164442Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-12-14 15:17:00.294{C429ADC8-1C6C-657B-CF03-000000003403}3856C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C429ADC8-FEF3-657A-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C429ADC8-004A-657B-8F00-000000003403}616C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000164441Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-12-14 15:17:00.180{C429ADC8-1C6C-657B-CE03-000000003403}3400C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C429ADC8-FEF3-657A-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C429ADC8-004A-657B-8F00-000000003403}616C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000164440Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-12-14 15:16:59.975{C429ADC8-1C6B-657B-CC03-000000003403}5108C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C429ADC8-FEF3-657A-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C429ADC8-004A-657B-8F00-000000003403}616C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000217709Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-12-14 15:14:37.289{AE77D3C2-1BDD-657B-C303-000000003403}3520C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{AE77D3C2-FEF1-657A-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{AE77D3C2-0049-657B-8E00-000000003403}1328C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000217708Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-12-14 15:14:37.226{AE77D3C2-1BDD-657B-C203-000000003403}4812C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{AE77D3C2-FEF1-657A-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{AE77D3C2-0049-657B-8E00-000000003403}1328C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000217707Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-12-14 15:14:37.169{AE77D3C2-1BDD-657B-C103-000000003403}2100C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{AE77D3C2-FEF1-657A-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{AE77D3C2-0049-657B-8E00-000000003403}1328C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000217706Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-12-14 15:14:37.067{AE77D3C2-1BDD-657B-BF03-000000003403}4876C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{AE77D3C2-FEF1-657A-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{AE77D3C2-0049-657B-8E00-000000003403}1328C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000164323Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-12-14 15:12:00.372{C429ADC8-1B40-657B-B203-000000003403}3608C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Version /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C429ADC8-FEF3-657A-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C429ADC8-004A-657B-8F00-000000003403}616C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000164322Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-12-14 15:12:00.294{C429ADC8-1B40-657B-B103-000000003403}4896C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exewmic OS get Caption /format:listC:\Windows\system32\NT AUTHORITY\SYSTEM{C429ADC8-FEF3-657A-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C429ADC8-004A-657B-8F00-000000003403}616C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000164321Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-12-14 15:12:00.197{C429ADC8-1B40-657B-B003-000000003403}896C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get Domain /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C429ADC8-FEF3-657A-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C429ADC8-004A-657B-8F00-000000003403}616C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM 154100x8000000000000000164320Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-12-14 15:11:59.973{C429ADC8-1B3F-657B-AE03-000000003403}3764C:\Windows\System32\wbem\WMIC.exe10.0.14393.0 (rs1_release.160715-1616)WMI Commandline UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationwmic.exeC:\Windows\System32\wbem\wmic.exe computersystem get DNSHostName /valueC:\Windows\system32\NT AUTHORITY\SYSTEM{C429ADC8-FEF3-657A-E703-000000000000}0x3e70SystemMD5=2CEE7F1AD77D8817E0F043E5E5ED1C83,SHA256=6679EA8FBEB539B5852CE8838420471FED0600F5050F3370DBB355DAC76BF072,IMPHASH=1B1A3F43BF37B5BFE60751F2EE2F326E{C429ADC8-004A-657B-8F00-000000003403}616C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"C:\Program Files\Amazon\SSM\ssm-agent-worker.exe"NT AUTHORITY\SYSTEM