154100x800000000000000014039Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-06-22 13:55:09.484{64A8C1B0-52BD-6494-6B24-00000000F802}3184C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -ExecutionPolicy remotesigned -File .\mal.ps1C:\Temp\ATTACKRANGE\Administrator{64A8C1B0-E22B-6492-1309-230000000000}0x2309132HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{64A8C1B0-52B9-6494-6924-00000000F802}468C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Temp"ATTACKRANGE\Administrator