154100x8000000000000000246648Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 19:57:37.194{6B7A8EA0-7831-65CA-1194-000000000E03}5160C:\AtomicRedTeam\atomics\T1059.001\src\SOAPHound.exe1.0.0.0SOAPHoundSOAPHound-SOAPHound.exeC:\AtomicRedTeam\atomics\T1059.001\src\SOAPHound.exe --user administrator@attackrange.local --password P@ssword1 --domain ATTACKRANGE.LOCAL --dc 10.0.1.14 --buildcache --cachefilename c:\temp\cach2.txtC:\Users\ADMINI~1\AppData\Local\Temp\2\AR-WIN-2\Administrator{6B7A8EA0-B763-65C3-1442-0F0000000000}0xf42142HighMD5=5B44F064C41A5AEF381D088CA1DA4EA9,SHA256=3F498F307754573E23555DC370ED7CA01B4485A1137C873B0012C1A6E8BC6228,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{6B7A8EA0-7831-65CA-0F94-000000000E03}3676C:\Windows\System32\cmd.exe"cmd.exe" /c C:\AtomicRedTeam\atomics\T1059.001\src\SOAPHound.exe --user administrator@attackrange.local --password P@ssword1 --domain ATTACKRANGE.LOCAL --dc 10.0.1.14 --buildcache --cachefilename c:\temp\cach2.txtAR-WIN-2\Administrator 154100x8000000000000000246647Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 19:57:37.173{6B7A8EA0-7831-65CA-0F94-000000000E03}3676C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"cmd.exe" /c C:\AtomicRedTeam\atomics\T1059.001\src\SOAPHound.exe --user administrator@attackrange.local --password P@ssword1 --domain ATTACKRANGE.LOCAL --dc 10.0.1.14 --buildcache --cachefilename c:\temp\cach2.txtC:\Users\ADMINI~1\AppData\Local\Temp\2\AR-WIN-2\Administrator{6B7A8EA0-B763-65C3-1442-0F0000000000}0xf42142HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{6B7A8EA0-59AC-65CA-5691-000000000E03}6332C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" AR-WIN-2\Administrator 154100x8000000000000000246644Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 19:57:11.388{6B7A8EA0-7817-65CA-0C94-000000000E03}1504C:\Windows\SysWOW64\WerFault.exe10.0.14393.4402 (rs1_release.210426-1725)Windows Problem ReportingMicrosoft® Windows® Operating SystemMicrosoft CorporationWerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 1432C:\Windows\system32\AR-WIN-2\Administrator{6B7A8EA0-B763-65C3-1442-0F0000000000}0xf42142HighMD5=7BD45584299308DAEA16F2221A464A7F,SHA256=55E74A461777651BE95BBBB93835E69974FE8955631D92A3B7BB97504041D1BB,IMPHASH=CABB1BD9C8861200DB46B24A4934E8E8{6B7A8EA0-7812-65CA-0794-000000000E03}6656C:\AtomicRedTeam\atomics\T1059.001\src\SOAPHound.exeC:\AtomicRedTeam\atomics\T1059.001\src\SOAPHound.exe --user administrator@attackrange.local --password P@ssword1 --domain ATTACKRANGE.LOCAL --dc 10.0.1.14 --bhdump --cachefilename c:\temp\cach2.txt --outputdirectory c:\temp\test2AR-WIN-2\Administrator 154100x8000000000000000246641Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 19:57:06.765{6B7A8EA0-7812-65CA-0794-000000000E03}6656C:\AtomicRedTeam\atomics\T1059.001\src\SOAPHound.exe1.0.0.0SOAPHoundSOAPHound-SOAPHound.exeC:\AtomicRedTeam\atomics\T1059.001\src\SOAPHound.exe --user administrator@attackrange.local --password P@ssword1 --domain ATTACKRANGE.LOCAL --dc 10.0.1.14 --bhdump --cachefilename c:\temp\cach2.txt --outputdirectory c:\temp\test2C:\Users\ADMINI~1\AppData\Local\Temp\2\AR-WIN-2\Administrator{6B7A8EA0-B763-65C3-1442-0F0000000000}0xf42142HighMD5=5B44F064C41A5AEF381D088CA1DA4EA9,SHA256=3F498F307754573E23555DC370ED7CA01B4485A1137C873B0012C1A6E8BC6228,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{6B7A8EA0-7812-65CA-0594-000000000E03}6724C:\Windows\System32\cmd.exe"cmd.exe" /c C:\AtomicRedTeam\atomics\T1059.001\src\SOAPHound.exe --user administrator@attackrange.local --password P@ssword1 --domain ATTACKRANGE.LOCAL --dc 10.0.1.14 --bhdump --cachefilename c:\temp\cach2.txt --outputdirectory c:\temp\test2AR-WIN-2\Administrator 154100x8000000000000000246640Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 19:57:06.736{6B7A8EA0-7812-65CA-0594-000000000E03}6724C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"cmd.exe" /c C:\AtomicRedTeam\atomics\T1059.001\src\SOAPHound.exe --user administrator@attackrange.local --password P@ssword1 --domain ATTACKRANGE.LOCAL --dc 10.0.1.14 --bhdump --cachefilename c:\temp\cach2.txt --outputdirectory c:\temp\test2C:\Users\ADMINI~1\AppData\Local\Temp\2\AR-WIN-2\Administrator{6B7A8EA0-B763-65C3-1442-0F0000000000}0xf42142HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{6B7A8EA0-59AC-65CA-5691-000000000E03}6332C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" AR-WIN-2\Administrator 154100x8000000000000000246004Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 17:51:29.204{6B7A8EA0-5AA1-65CA-8691-000000000E03}928C:\AtomicRedTeam\atomics\T1059.001\src\SOAPHound.exe1.0.0.0SOAPHoundSOAPHound-SOAPHound.exeC:\AtomicRedTeam\atomics\T1059.001\src\SOAPHound.exe --user administrator@attackrange.local --password P@ssword1 --domain ATTACKRANGE.LOCAL --dc 10.0.1.14 --buildcache --cachefilename c:\temp\cach2.txtC:\Users\ADMINI~1\AppData\Local\Temp\2\AR-WIN-2\Administrator{6B7A8EA0-B763-65C3-1442-0F0000000000}0xf42142HighMD5=5B44F064C41A5AEF381D088CA1DA4EA9,SHA256=3F498F307754573E23555DC370ED7CA01B4485A1137C873B0012C1A6E8BC6228,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{6B7A8EA0-5AA1-65CA-8491-000000000E03}1608C:\Windows\System32\cmd.exe"cmd.exe" /c C:\AtomicRedTeam\atomics\T1059.001\src\SOAPHound.exe --user administrator@attackrange.local --password P@ssword1 --domain ATTACKRANGE.LOCAL --dc 10.0.1.14 --buildcache --cachefilename c:\temp\cach2.txtAR-WIN-2\Administrator 154100x8000000000000000246003Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 17:51:29.181{6B7A8EA0-5AA1-65CA-8491-000000000E03}1608C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"cmd.exe" /c C:\AtomicRedTeam\atomics\T1059.001\src\SOAPHound.exe --user administrator@attackrange.local --password P@ssword1 --domain ATTACKRANGE.LOCAL --dc 10.0.1.14 --buildcache --cachefilename c:\temp\cach2.txtC:\Users\ADMINI~1\AppData\Local\Temp\2\AR-WIN-2\Administrator{6B7A8EA0-B763-65C3-1442-0F0000000000}0xf42142HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{6B7A8EA0-59AC-65CA-5691-000000000E03}6332C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" AR-WIN-2\Administrator 13241300x8000000000000000246000Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2024-02-12 17:51:21.060{6B7A8EA0-5A98-65CA-8191-000000000E03}4876C:\Windows\SysWOW64\WerFault.exe\REGISTRY\A\{28d9a512-df47-d953-0e37-a66ea60306fb}\Root\InventoryApplicationFile\soaphound.exe|32ba06e11e15d7e0\BinProductVersion1.0.0.0AR-WIN-2\Administrator 13241300x8000000000000000245999Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2024-02-12 17:51:21.060{6B7A8EA0-5A98-65CA-8191-000000000E03}4876C:\Windows\SysWOW64\WerFault.exe\REGISTRY\A\{28d9a512-df47-d953-0e37-a66ea60306fb}\Root\InventoryApplicationFile\soaphound.exe|32ba06e11e15d7e0\LinkDate07/27/2051 08:22:03AR-WIN-2\Administrator 13241300x8000000000000000245998Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2024-02-12 17:51:21.060{6B7A8EA0-5A98-65CA-8191-000000000E03}4876C:\Windows\SysWOW64\WerFault.exe\REGISTRY\A\{28d9a512-df47-d953-0e37-a66ea60306fb}\Root\InventoryApplicationFile\soaphound.exe|32ba06e11e15d7e0\Publisher(Empty)AR-WIN-2\Administrator 13241300x8000000000000000245997Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2024-02-12 17:51:21.060{6B7A8EA0-5A98-65CA-8191-000000000E03}4876C:\Windows\SysWOW64\WerFault.exe\REGISTRY\A\{28d9a512-df47-d953-0e37-a66ea60306fb}\Root\InventoryApplicationFile\soaphound.exe|32ba06e11e15d7e0\LowerCaseLongPathc:\atomicredteam\atomics\t1059.001\src\soaphound.exeAR-WIN-2\Administrator 154100x8000000000000000245996Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 17:51:20.991{6B7A8EA0-5A98-65CA-8191-000000000E03}4876C:\Windows\SysWOW64\WerFault.exe10.0.14393.4402 (rs1_release.210426-1725)Windows Problem ReportingMicrosoft® Windows® Operating SystemMicrosoft CorporationWerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 1480C:\Windows\system32\AR-WIN-2\Administrator{6B7A8EA0-B763-65C3-1442-0F0000000000}0xf42142HighMD5=7BD45584299308DAEA16F2221A464A7F,SHA256=55E74A461777651BE95BBBB93835E69974FE8955631D92A3B7BB97504041D1BB,IMPHASH=CABB1BD9C8861200DB46B24A4934E8E8{6B7A8EA0-5A94-65CA-7E91-000000000E03}6620C:\AtomicRedTeam\atomics\T1059.001\src\SOAPHound.exeC:\AtomicRedTeam\atomics\T1059.001\src\SOAPHound.exe --user administrator@attackrange.local --password P@ssword1 --domain ATTACKRANGE.LOCAL --dc 10.0.1.14 --bhdump --cachefilename c:\temp\cach2.txt --outputdirectory c:\temp\test2AR-WIN-2\Administrator 154100x8000000000000000245995Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 17:51:16.098{6B7A8EA0-5A94-65CA-7E91-000000000E03}6620C:\AtomicRedTeam\atomics\T1059.001\src\SOAPHound.exe1.0.0.0SOAPHoundSOAPHound-SOAPHound.exeC:\AtomicRedTeam\atomics\T1059.001\src\SOAPHound.exe --user administrator@attackrange.local --password P@ssword1 --domain ATTACKRANGE.LOCAL --dc 10.0.1.14 --bhdump --cachefilename c:\temp\cach2.txt --outputdirectory c:\temp\test2C:\Users\ADMINI~1\AppData\Local\Temp\2\AR-WIN-2\Administrator{6B7A8EA0-B763-65C3-1442-0F0000000000}0xf42142HighMD5=5B44F064C41A5AEF381D088CA1DA4EA9,SHA256=3F498F307754573E23555DC370ED7CA01B4485A1137C873B0012C1A6E8BC6228,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{6B7A8EA0-5A94-65CA-7C91-000000000E03}816C:\Windows\System32\cmd.exe"cmd.exe" /c C:\AtomicRedTeam\atomics\T1059.001\src\SOAPHound.exe --user administrator@attackrange.local --password P@ssword1 --domain ATTACKRANGE.LOCAL --dc 10.0.1.14 --bhdump --cachefilename c:\temp\cach2.txt --outputdirectory c:\temp\test2AR-WIN-2\Administrator 154100x8000000000000000245994Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 17:51:16.038{6B7A8EA0-5A94-65CA-7C91-000000000E03}816C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"cmd.exe" /c C:\AtomicRedTeam\atomics\T1059.001\src\SOAPHound.exe --user administrator@attackrange.local --password P@ssword1 --domain ATTACKRANGE.LOCAL --dc 10.0.1.14 --bhdump --cachefilename c:\temp\cach2.txt --outputdirectory c:\temp\test2C:\Users\ADMINI~1\AppData\Local\Temp\2\AR-WIN-2\Administrator{6B7A8EA0-B763-65C3-1442-0F0000000000}0xf42142HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{6B7A8EA0-59AC-65CA-5691-000000000E03}6332C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" AR-WIN-2\Administrator 154100x8000000000000000245972Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 17:48:39.047{6B7A8EA0-59F7-65CA-6591-000000000E03}6724C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"cmd.exe" /c C:\AtomicRedTeam\atomics\..\ExternalPayloads\SOAPHound.exe --user administrator@attackrange.local --password P@ssword1 --domain ATTACKRANGE.LOCAL --dc 10.0.1.14 --bhdump --cachefilename c:\temp\cach2.txt --outputdirectory c:\temp\test2C:\Users\ADMINI~1\AppData\Local\Temp\2\AR-WIN-2\Administrator{6B7A8EA0-B763-65C3-1442-0F0000000000}0xf42142HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{6B7A8EA0-59AC-65CA-5691-000000000E03}6332C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" AR-WIN-2\Administrator 11241100x8000000000000000245962Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localEXE2024-02-12 17:47:53.896{6B7A8EA0-9EC1-65C6-E33F-000000000E03}808C:\Program Files\Notepad++\notepad++.exeC:\AtomicRedTeam\atomics\T1059.001\src\SOAPHound.exe2024-02-12 17:47:53.896AR-WIN-2\Administrator 11241100x8000000000000000245961Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localEXE2024-02-12 17:47:47.273{6B7A8EA0-9EC1-65C6-E33F-000000000E03}808C:\Program Files\Notepad++\notepad++.exeC:\AtomicRedTeam\atomics\T1059.001\src\Desktop\SOAPHound.exe2024-02-12 17:47:47.258AR-WIN-2\Administrator 534500x8000000000000000245723Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 17:02:44.313{6B7A8EA0-4F2D-65CA-7190-000000000E03}2660C:\Users\Administrator\Desktop\SOAPHound.exeATTACKRANGE\administrator 354300x8000000000000000245722Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localUsermode2024-02-12 17:02:41.070{6B7A8EA0-4F2D-65CA-7190-000000000E03}2660C:\Users\Administrator\Desktop\SOAPHound.exeATTACKRANGE\administratortcptruefalse10.0.1.15ar-win-2.attackrange.local56033-false10.0.1.14ip-10-0-1-14.us-west-2.compute.internal9389- 354300x8000000000000000245721Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localUsermode2024-02-12 17:02:41.056{6B7A8EA0-4F2D-65CA-7190-000000000E03}2660C:\Users\Administrator\Desktop\SOAPHound.exeATTACKRANGE\administratortcptruefalse10.0.1.15ar-win-2.attackrange.local56032-false10.0.1.14ip-10-0-1-14.us-west-2.compute.internal9389- 154100x8000000000000000245720Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 17:02:41.827{6B7A8EA0-4F31-65CA-7290-000000000E03}3000C:\Windows\SysWOW64\WerFault.exe10.0.14393.4402 (rs1_release.210426-1725)Windows Problem ReportingMicrosoft® Windows® Operating SystemMicrosoft CorporationWerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 1224C:\Windows\system32\ATTACKRANGE\administrator{6B7A8EA0-4E82-65CA-9D82-8D0F00000000}0xf8d829d2HighMD5=7BD45584299308DAEA16F2221A464A7F,SHA256=55E74A461777651BE95BBBB93835E69974FE8955631D92A3B7BB97504041D1BB,IMPHASH=CABB1BD9C8861200DB46B24A4934E8E8{6B7A8EA0-4F2D-65CA-7190-000000000E03}2660C:\Users\Administrator\Desktop\SOAPHound.exe"C:\Users\Administrator\Desktop\SOAPHound.exe" --user administrator@attackrange.local --password P@ssword1 --domain ATTACKRANGE.LOCAL --dc 10.0.1.14 --bhdump --cachefilename c:\temp\cach2.txt --outputdirectory c:\temp\test2ATTACKRANGE\administrator 354300x8000000000000000245719Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localUsermode2024-02-12 17:02:37.330{6B7A8EA0-4F2D-65CA-7190-000000000E03}2660C:\Users\Administrator\Desktop\SOAPHound.exeATTACKRANGE\administratortcptruefalse10.0.1.15ar-win-2.attackrange.local56031-false10.0.1.14ip-10-0-1-14.us-west-2.compute.internal9389- 354300x8000000000000000245718Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localUsermode2024-02-12 17:02:37.290{6B7A8EA0-4F2D-65CA-7190-000000000E03}2660C:\Users\Administrator\Desktop\SOAPHound.exeATTACKRANGE\administratortcptruefalse10.0.1.15ar-win-2.attackrange.local56030-false10.0.1.14ip-10-0-1-14.us-west-2.compute.internal9389- 154100x8000000000000000245717Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 17:02:37.484{6B7A8EA0-4F2D-65CA-7190-000000000E03}2660C:\Users\Administrator\Desktop\SOAPHound.exe1.0.0.0SOAPHoundSOAPHound-SOAPHound.exe"C:\Users\Administrator\Desktop\SOAPHound.exe" --user administrator@attackrange.local --password P@ssword1 --domain ATTACKRANGE.LOCAL --dc 10.0.1.14 --bhdump --cachefilename c:\temp\cach2.txt --outputdirectory c:\temp\test2C:\Users\Administrator\ATTACKRANGE\administrator{6B7A8EA0-4E82-65CA-9D82-8D0F00000000}0xf8d829d2HighMD5=5B44F064C41A5AEF381D088CA1DA4EA9,SHA256=3F498F307754573E23555DC370ED7CA01B4485A1137C873B0012C1A6E8BC6228,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{6B7A8EA0-4E87-65CA-5890-000000000E03}2000C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ATTACKRANGE\administrator 534500x8000000000000000245716Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 17:02:27.239{6B7A8EA0-4F23-65CA-7090-000000000E03}6420C:\Users\Administrator\Desktop\SOAPHound.exeATTACKRANGE\administrator 154100x8000000000000000245715Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 17:02:27.107{6B7A8EA0-4F23-65CA-7090-000000000E03}6420C:\Users\Administrator\Desktop\SOAPHound.exe1.0.0.0SOAPHoundSOAPHound-SOAPHound.exe"C:\Users\Administrator\Desktop\SOAPHound.exe" --user administrator@attackrange.local --password P@ssword1 --domain ATTACKRANGE.LOCAL --dc 10.0.1.14 --bhdump --cachefilename c:\temp\cach2.txtC:\Users\Administrator\ATTACKRANGE\administrator{6B7A8EA0-4E82-65CA-9D82-8D0F00000000}0xf8d829d2HighMD5=5B44F064C41A5AEF381D088CA1DA4EA9,SHA256=3F498F307754573E23555DC370ED7CA01B4485A1137C873B0012C1A6E8BC6228,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{6B7A8EA0-4E87-65CA-5890-000000000E03}2000C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ATTACKRANGE\administrator 534500x8000000000000000245709Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 17:01:39.559{6B7A8EA0-4EF2-65CA-6A90-000000000E03}3528C:\Users\Administrator\Desktop\SOAPHound.exeATTACKRANGE\administrator 154100x8000000000000000245708Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 17:01:38.560{6B7A8EA0-4EF2-65CA-6A90-000000000E03}3528C:\Users\Administrator\Desktop\SOAPHound.exe1.0.0.0SOAPHoundSOAPHound-SOAPHound.exe"C:\Users\Administrator\Desktop\SOAPHound.exe" --user administrator@attackrange.local --password P@ssword1 --domain ATTACKRANGE.LOCAL --dc 10.0.1.14 --buildcache --cachefilename c:\temp\cach2.txtC:\Users\Administrator\ATTACKRANGE\administrator{6B7A8EA0-4E82-65CA-9D82-8D0F00000000}0xf8d829d2HighMD5=5B44F064C41A5AEF381D088CA1DA4EA9,SHA256=3F498F307754573E23555DC370ED7CA01B4485A1137C873B0012C1A6E8BC6228,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{6B7A8EA0-4E87-65CA-5890-000000000E03}2000C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ATTACKRANGE\administrator 534500x8000000000000000245707Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 17:01:27.092{6B7A8EA0-4ED6-65CA-6690-000000000E03}4144C:\Users\Administrator\Desktop\SOAPHound.exeATTACKRANGE\administrator 22542200x8000000000000000245706Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 17:01:11.998{6B7A8EA0-4ED6-65CA-6690-000000000E03}4144ar-win-dc9003-C:\Users\Administrator\Desktop\SOAPHound.exeATTACKRANGE\administrator 154100x8000000000000000245705Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 17:01:12.738{6B7A8EA0-4ED8-65CA-6890-000000000E03}4408C:\Windows\SysWOW64\WerFault.exe10.0.14393.4402 (rs1_release.210426-1725)Windows Problem ReportingMicrosoft® Windows® Operating SystemMicrosoft CorporationWerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 1152C:\Windows\system32\ATTACKRANGE\administrator{6B7A8EA0-4E82-65CA-9D82-8D0F00000000}0xf8d829d2HighMD5=7BD45584299308DAEA16F2221A464A7F,SHA256=55E74A461777651BE95BBBB93835E69974FE8955631D92A3B7BB97504041D1BB,IMPHASH=CABB1BD9C8861200DB46B24A4934E8E8{6B7A8EA0-4ED6-65CA-6690-000000000E03}4144C:\Users\Administrator\Desktop\SOAPHound.exe"C:\Users\Administrator\Desktop\SOAPHound.exe" --user administrator@attackrange.local --password P@ssword1 --domain ATTACKRANGE.LOCAL --dc ar-win-dc --buildcache --cachefilename c:\temp\cach2.txtATTACKRANGE\administrator 154100x8000000000000000245704Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 17:01:10.093{6B7A8EA0-4ED6-65CA-6690-000000000E03}4144C:\Users\Administrator\Desktop\SOAPHound.exe1.0.0.0SOAPHoundSOAPHound-SOAPHound.exe"C:\Users\Administrator\Desktop\SOAPHound.exe" --user administrator@attackrange.local --password P@ssword1 --domain ATTACKRANGE.LOCAL --dc ar-win-dc --buildcache --cachefilename c:\temp\cach2.txtC:\Users\Administrator\ATTACKRANGE\administrator{6B7A8EA0-4E82-65CA-9D82-8D0F00000000}0xf8d829d2HighMD5=5B44F064C41A5AEF381D088CA1DA4EA9,SHA256=3F498F307754573E23555DC370ED7CA01B4485A1137C873B0012C1A6E8BC6228,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{6B7A8EA0-4E87-65CA-5890-000000000E03}2000C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ATTACKRANGE\administrator 534500x8000000000000000245699Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 17:01:02.679{6B7A8EA0-4ECE-65CA-6190-000000000E03}1672C:\Users\Administrator\Desktop\SOAPHound.exeATTACKRANGE\administrator 154100x8000000000000000245698Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 17:01:02.506{6B7A8EA0-4ECE-65CA-6190-000000000E03}1672C:\Users\Administrator\Desktop\SOAPHound.exe1.0.0.0SOAPHoundSOAPHound-SOAPHound.exe"C:\Users\Administrator\Desktop\SOAPHound.exe" --user administrator@attackrange.local --password P@ssword1 --domain ATTACKRANGE.LOCAL --dc ar-win-dc --buildcache c:\temp\cach2.txtC:\Users\Administrator\ATTACKRANGE\administrator{6B7A8EA0-4E82-65CA-9D82-8D0F00000000}0xf8d829d2HighMD5=5B44F064C41A5AEF381D088CA1DA4EA9,SHA256=3F498F307754573E23555DC370ED7CA01B4485A1137C873B0012C1A6E8BC6228,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{6B7A8EA0-4E87-65CA-5890-000000000E03}2000C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ATTACKRANGE\administrator 534500x8000000000000000245695Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 17:00:07.378{6B7A8EA0-4E97-65CA-5D90-000000000E03}5204C:\Users\Administrator\Desktop\SOAPHound.exeATTACKRANGE\administrator 154100x8000000000000000245693Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 17:00:07.121{6B7A8EA0-4E97-65CA-5D90-000000000E03}5204C:\Users\Administrator\Desktop\SOAPHound.exe1.0.0.0SOAPHoundSOAPHound-SOAPHound.exe"C:\Users\Administrator\Desktop\SOAPHound.exe" -hC:\Users\Administrator\ATTACKRANGE\administrator{6B7A8EA0-4E82-65CA-9D82-8D0F00000000}0xf8d829d2HighMD5=5B44F064C41A5AEF381D088CA1DA4EA9,SHA256=3F498F307754573E23555DC370ED7CA01B4485A1137C873B0012C1A6E8BC6228,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{6B7A8EA0-4E87-65CA-5890-000000000E03}2000C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ATTACKRANGE\administrator 534500x8000000000000000245605Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 16:58:26.767{6B7A8EA0-4E28-65CA-4490-000000000E03}4792C:\Users\Administrator\Desktop\SOAPHound.exeAR-WIN-2\Administrator 22542200x8000000000000000245603Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 16:58:19.558{6B7A8EA0-4E28-65CA-4490-000000000E03}4792attackrange.local0::ffff:10.0.1.14;C:\Users\Administrator\Desktop\SOAPHound.exeAR-WIN-2\Administrator 354300x8000000000000000245602Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localUsermode2024-02-12 16:58:19.568{6B7A8EA0-4E28-65CA-4490-000000000E03}4792C:\Users\Administrator\Desktop\SOAPHound.exeAR-WIN-2\Administratortcptruefalse10.0.1.15ar-win-2.attackrange.local56021-false10.0.1.14ip-10-0-1-14.us-west-2.compute.internal9389- 354300x8000000000000000245601Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localUsermode2024-02-12 16:58:19.559{6B7A8EA0-4E28-65CA-4490-000000000E03}4792C:\Users\Administrator\Desktop\SOAPHound.exeAR-WIN-2\Administratortcptruefalse10.0.1.15ar-win-2.attackrange.local56020-false10.0.1.14ip-10-0-1-14.us-west-2.compute.internal9389- 154100x8000000000000000245600Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 16:58:20.362{6B7A8EA0-4E2C-65CA-4690-000000000E03}6568C:\Windows\SysWOW64\WerFault.exe10.0.14393.4402 (rs1_release.210426-1725)Windows Problem ReportingMicrosoft® Windows® Operating SystemMicrosoft CorporationWerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 1520C:\Windows\system32\AR-WIN-2\Administrator{6B7A8EA0-B763-65C3-1442-0F0000000000}0xf42142HighMD5=7BD45584299308DAEA16F2221A464A7F,SHA256=55E74A461777651BE95BBBB93835E69974FE8955631D92A3B7BB97504041D1BB,IMPHASH=CABB1BD9C8861200DB46B24A4934E8E8{6B7A8EA0-4E28-65CA-4490-000000000E03}4792C:\Users\Administrator\Desktop\SOAPHound.exe"C:\Users\Administrator\Desktop\SOAPHound.exe" --user attackrange.local\administrator --password P@ssword1 --domain attackrange.local --bhdump --cachefilename c:\temp\cache.txt --outputdirectory c:\temp\testAR-WIN-2\Administrator 22542200x8000000000000000245599Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 16:58:15.829{6B7A8EA0-4E28-65CA-4490-000000000E03}4792attackrange.local0::ffff:10.0.1.14;C:\Users\Administrator\Desktop\SOAPHound.exeAR-WIN-2\Administrator 354300x8000000000000000245598Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localUsermode2024-02-12 16:58:15.876{6B7A8EA0-4E28-65CA-4490-000000000E03}4792C:\Users\Administrator\Desktop\SOAPHound.exeAR-WIN-2\Administratortcptruefalse10.0.1.15ar-win-2.attackrange.local56019-false10.0.1.14ip-10-0-1-14.us-west-2.compute.internal9389- 354300x8000000000000000245597Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localUsermode2024-02-12 16:58:15.832{6B7A8EA0-4E28-65CA-4490-000000000E03}4792C:\Users\Administrator\Desktop\SOAPHound.exeAR-WIN-2\Administratortcptruefalse10.0.1.15ar-win-2.attackrange.local56016-false10.0.1.14ip-10-0-1-14.us-west-2.compute.internal9389- 154100x8000000000000000245596Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 16:58:16.052{6B7A8EA0-4E28-65CA-4490-000000000E03}4792C:\Users\Administrator\Desktop\SOAPHound.exe1.0.0.0SOAPHoundSOAPHound-SOAPHound.exe"C:\Users\Administrator\Desktop\SOAPHound.exe" --user attackrange.local\administrator --password P@ssword1 --domain attackrange.local --bhdump --cachefilename c:\temp\cache.txt --outputdirectory c:\temp\testC:\Users\Administrator\AR-WIN-2\Administrator{6B7A8EA0-B763-65C3-1442-0F0000000000}0xf42142HighMD5=5B44F064C41A5AEF381D088CA1DA4EA9,SHA256=3F498F307754573E23555DC370ED7CA01B4485A1137C873B0012C1A6E8BC6228,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{6B7A8EA0-B773-65C3-D700-000000000E03}4384C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" AR-WIN-2\Administrator 534500x8000000000000000245595Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 16:58:10.463{6B7A8EA0-4E15-65CA-3B90-000000000E03}7112C:\Users\Administrator\Desktop\SOAPHound.exeAR-WIN-2\Administrator 354300x8000000000000000245591Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localUsermode2024-02-12 16:58:01.336{6B7A8EA0-4E15-65CA-3B90-000000000E03}7112C:\Users\Administrator\Desktop\SOAPHound.exeAR-WIN-2\Administratortcptruefalse10.0.1.15ar-win-2.attackrange.local56015-false10.0.1.14ip-10-0-1-14.us-west-2.compute.internal9389- 354300x8000000000000000245590Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localUsermode2024-02-12 16:58:01.325{6B7A8EA0-4E15-65CA-3B90-000000000E03}7112C:\Users\Administrator\Desktop\SOAPHound.exeAR-WIN-2\Administratortcptruefalse10.0.1.15ar-win-2.attackrange.local56014-false10.0.1.14ip-10-0-1-14.us-west-2.compute.internal9389- 22542200x8000000000000000245589Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 16:58:01.325{6B7A8EA0-4E15-65CA-3B90-000000000E03}7112attackrange.local0::ffff:10.0.1.14;C:\Users\Administrator\Desktop\SOAPHound.exeAR-WIN-2\Administrator 154100x8000000000000000245586Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 16:58:02.177{6B7A8EA0-4E1A-65CA-3E90-000000000E03}1184C:\Windows\SysWOW64\WerFault.exe10.0.14393.4402 (rs1_release.210426-1725)Windows Problem ReportingMicrosoft® Windows® Operating SystemMicrosoft CorporationWerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 1516C:\Windows\system32\AR-WIN-2\Administrator{6B7A8EA0-B763-65C3-1442-0F0000000000}0xf42142HighMD5=7BD45584299308DAEA16F2221A464A7F,SHA256=55E74A461777651BE95BBBB93835E69974FE8955631D92A3B7BB97504041D1BB,IMPHASH=CABB1BD9C8861200DB46B24A4934E8E8{6B7A8EA0-4E15-65CA-3B90-000000000E03}7112C:\Users\Administrator\Desktop\SOAPHound.exe"C:\Users\Administrator\Desktop\SOAPHound.exe" --user attackrange.local\administrator --password P@ssword1 --domain attackrange.local --bhdump --cachefilename c:\temp\cache.txt --outputdirectory c:\tempAR-WIN-2\Administrator 354300x8000000000000000245585Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localUsermode2024-02-12 16:57:57.411{6B7A8EA0-4E15-65CA-3B90-000000000E03}7112C:\Users\Administrator\Desktop\SOAPHound.exeAR-WIN-2\Administratortcptruefalse10.0.1.15ar-win-2.attackrange.local56013-false10.0.1.14ip-10-0-1-14.us-west-2.compute.internal9389- 354300x8000000000000000245584Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localUsermode2024-02-12 16:57:57.358{6B7A8EA0-4E15-65CA-3B90-000000000E03}7112C:\Users\Administrator\Desktop\SOAPHound.exeAR-WIN-2\Administratortcptruefalse10.0.1.15ar-win-2.attackrange.local56010-false10.0.1.14ip-10-0-1-14.us-west-2.compute.internal9389- 22542200x8000000000000000245583Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 16:57:57.355{6B7A8EA0-4E15-65CA-3B90-000000000E03}7112attackrange.local0::ffff:10.0.1.14;C:\Users\Administrator\Desktop\SOAPHound.exeAR-WIN-2\Administrator 154100x8000000000000000245582Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 16:57:57.557{6B7A8EA0-4E15-65CA-3B90-000000000E03}7112C:\Users\Administrator\Desktop\SOAPHound.exe1.0.0.0SOAPHoundSOAPHound-SOAPHound.exe"C:\Users\Administrator\Desktop\SOAPHound.exe" --user attackrange.local\administrator --password P@ssword1 --domain attackrange.local --bhdump --cachefilename c:\temp\cache.txt --outputdirectory c:\tempC:\Users\Administrator\AR-WIN-2\Administrator{6B7A8EA0-B763-65C3-1442-0F0000000000}0xf42142HighMD5=5B44F064C41A5AEF381D088CA1DA4EA9,SHA256=3F498F307754573E23555DC370ED7CA01B4485A1137C873B0012C1A6E8BC6228,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{6B7A8EA0-B773-65C3-D700-000000000E03}4384C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" AR-WIN-2\Administrator 534500x8000000000000000245581Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 16:57:49.180{6B7A8EA0-4E0C-65CA-3A90-000000000E03}5784C:\Users\Administrator\Desktop\SOAPHound.exeAR-WIN-2\Administrator 154100x8000000000000000245580Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 16:57:48.986{6B7A8EA0-4E0C-65CA-3A90-000000000E03}5784C:\Users\Administrator\Desktop\SOAPHound.exe1.0.0.0SOAPHoundSOAPHound-SOAPHound.exe"C:\Users\Administrator\Desktop\SOAPHound.exe" --user attackrange.local\administrator --password P@ssword1 --domain attackrange.local --bhdump --cachefilename c:\temp\cache.txtC:\Users\Administrator\AR-WIN-2\Administrator{6B7A8EA0-B763-65C3-1442-0F0000000000}0xf42142HighMD5=5B44F064C41A5AEF381D088CA1DA4EA9,SHA256=3F498F307754573E23555DC370ED7CA01B4485A1137C873B0012C1A6E8BC6228,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{6B7A8EA0-B773-65C3-D700-000000000E03}4384C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" AR-WIN-2\Administrator 22542200x8000000000000000245562Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 16:54:30.456{6B7A8EA0-4D46-65CA-2790-000000000E03}6184attackrange.local0::ffff:10.0.1.14;C:\Users\Administrator\Desktop\SOAPHound.exeAR-WIN-2\Administrator 354300x8000000000000000245561Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localUsermode2024-02-12 16:54:30.873{6B7A8EA0-4D46-65CA-2790-000000000E03}6184C:\Users\Administrator\Desktop\SOAPHound.exeAR-WIN-2\Administratortcptruefalse10.0.1.15ar-win-2.attackrange.local55996-false10.0.1.14ip-10-0-1-14.us-west-2.compute.internal9389- 354300x8000000000000000245560Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localUsermode2024-02-12 16:54:30.463{6B7A8EA0-4D46-65CA-2790-000000000E03}6184C:\Users\Administrator\Desktop\SOAPHound.exeAR-WIN-2\Administratortcptruefalse10.0.1.15ar-win-2.attackrange.local55992-false10.0.1.14ip-10-0-1-14.us-west-2.compute.internal9389- 534500x8000000000000000245559Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 16:54:32.342{6B7A8EA0-4D46-65CA-2790-000000000E03}6184C:\Users\Administrator\Desktop\SOAPHound.exeAR-WIN-2\Administrator 154100x8000000000000000245558Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 16:54:30.375{6B7A8EA0-4D46-65CA-2790-000000000E03}6184C:\Users\Administrator\Desktop\SOAPHound.exe1.0.0.0SOAPHoundSOAPHound-SOAPHound.exe"C:\Users\Administrator\Desktop\SOAPHound.exe" --user attackrange.local\administrator --password P@ssword1 --domain attackrange.local --buildcache --cachefilename c:\temp\cache.txtC:\Users\Administrator\AR-WIN-2\Administrator{6B7A8EA0-B763-65C3-1442-0F0000000000}0xf42142HighMD5=5B44F064C41A5AEF381D088CA1DA4EA9,SHA256=3F498F307754573E23555DC370ED7CA01B4485A1137C873B0012C1A6E8BC6228,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{6B7A8EA0-B773-65C3-D700-000000000E03}4384C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" AR-WIN-2\Administrator 534500x8000000000000000245557Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 16:54:17.859{6B7A8EA0-4D39-65CA-2690-000000000E03}2956C:\Users\Administrator\Desktop\SOAPHound.exeAR-WIN-2\Administrator 154100x8000000000000000245556Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 16:54:17.663{6B7A8EA0-4D39-65CA-2690-000000000E03}2956C:\Users\Administrator\Desktop\SOAPHound.exe1.0.0.0SOAPHoundSOAPHound-SOAPHound.exe"C:\Users\Administrator\Desktop\SOAPHound.exe" --user attackrange.local\administrator --password P@ssword1 --domain attackrange.local --buildcacheC:\Users\Administrator\AR-WIN-2\Administrator{6B7A8EA0-B763-65C3-1442-0F0000000000}0xf42142HighMD5=5B44F064C41A5AEF381D088CA1DA4EA9,SHA256=3F498F307754573E23555DC370ED7CA01B4485A1137C873B0012C1A6E8BC6228,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{6B7A8EA0-B773-65C3-D700-000000000E03}4384C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" AR-WIN-2\Administrator 534500x8000000000000000245553Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 16:54:06.685{6B7A8EA0-4D2E-65CA-2390-000000000E03}4492C:\Users\Administrator\Desktop\SOAPHound.exeAR-WIN-2\Administrator 154100x8000000000000000245552Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 16:54:06.519{6B7A8EA0-4D2E-65CA-2390-000000000E03}4492C:\Users\Administrator\Desktop\SOAPHound.exe1.0.0.0SOAPHoundSOAPHound-SOAPHound.exe"C:\Users\Administrator\Desktop\SOAPHound.exe" --user attackrange.local\administrator --password P@ssword1 --domain attackrange.localC:\Users\Administrator\AR-WIN-2\Administrator{6B7A8EA0-B763-65C3-1442-0F0000000000}0xf42142HighMD5=5B44F064C41A5AEF381D088CA1DA4EA9,SHA256=3F498F307754573E23555DC370ED7CA01B4485A1137C873B0012C1A6E8BC6228,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{6B7A8EA0-B773-65C3-D700-000000000E03}4384C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" AR-WIN-2\Administrator 534500x8000000000000000245548Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 16:53:41.843{6B7A8EA0-4D15-65CA-1F90-000000000E03}5108C:\Users\Administrator\Desktop\SOAPHound.exeAR-WIN-2\Administrator 154100x8000000000000000245547Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 16:53:41.637{6B7A8EA0-4D15-65CA-1F90-000000000E03}5108C:\Users\Administrator\Desktop\SOAPHound.exe1.0.0.0SOAPHoundSOAPHound-SOAPHound.exe"C:\Users\Administrator\Desktop\SOAPHound.exe" -hC:\Users\Administrator\AR-WIN-2\Administrator{6B7A8EA0-B763-65C3-1442-0F0000000000}0xf42142HighMD5=5B44F064C41A5AEF381D088CA1DA4EA9,SHA256=3F498F307754573E23555DC370ED7CA01B4485A1137C873B0012C1A6E8BC6228,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{6B7A8EA0-B773-65C3-D700-000000000E03}4384C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" AR-WIN-2\Administrator 13241300x8000000000000000245539Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2024-02-12 16:53:24.161{6B7A8EA0-B5C2-65C3-1400-000000000E03}372C:\Windows\System32\svchost.exe\REGISTRY\A\{f3760055-5853-ac27-b837-dba98d645488}\Root\InventoryApplicationFile\soaphound.exe|760b5bbafa5cafa6\BinProductVersion1.0.0.0NT AUTHORITY\SYSTEM 13241300x8000000000000000245538Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2024-02-12 16:53:24.161{6B7A8EA0-B5C2-65C3-1400-000000000E03}372C:\Windows\System32\svchost.exe\REGISTRY\A\{f3760055-5853-ac27-b837-dba98d645488}\Root\InventoryApplicationFile\soaphound.exe|760b5bbafa5cafa6\LinkDate07/27/2051 08:22:03NT AUTHORITY\SYSTEM 13241300x8000000000000000245537Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2024-02-12 16:53:24.161{6B7A8EA0-B5C2-65C3-1400-000000000E03}372C:\Windows\System32\svchost.exe\REGISTRY\A\{f3760055-5853-ac27-b837-dba98d645488}\Root\InventoryApplicationFile\soaphound.exe|760b5bbafa5cafa6\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x8000000000000000245536Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2024-02-12 16:53:24.161{6B7A8EA0-B5C2-65C3-1400-000000000E03}372C:\Windows\System32\svchost.exe\REGISTRY\A\{f3760055-5853-ac27-b837-dba98d645488}\Root\InventoryApplicationFile\soaphound.exe|760b5bbafa5cafa6\LowerCaseLongPathc:\users\administrator\desktop\soaphound.exeNT AUTHORITY\SYSTEM 13241300x8000000000000000245535Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDBSetValue2024-02-12 16:53:24.146{6B7A8EA0-B5C2-65C3-1400-000000000E03}372C:\Windows\System32\svchost.exeHKU\S-1-5-21-815985593-1969253740-3296277071-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Users\Administrator\Desktop\SOAPHound.exeBinary DataNT AUTHORITY\SYSTEM 534500x8000000000000000245534Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 16:53:22.132{6B7A8EA0-4D01-65CA-1C90-000000000E03}6496C:\Users\Administrator\Desktop\SOAPHound.exeAR-WIN-2\Administrator 13241300x8000000000000000245533Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDBSetValue2024-02-12 16:53:21.898{6B7A8EA0-B5C2-65C3-1400-000000000E03}372C:\Windows\System32\svchost.exeHKU\S-1-5-21-815985593-1969253740-3296277071-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Users\Administrator\Desktop\SOAPHound.exeBinary DataNT AUTHORITY\SYSTEM 154100x8000000000000000245532Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2024-02-12 16:53:21.899{6B7A8EA0-4D01-65CA-1C90-000000000E03}6496C:\Users\Administrator\Desktop\SOAPHound.exe1.0.0.0SOAPHoundSOAPHound-SOAPHound.exe"C:\Users\Administrator\Desktop\SOAPHound.exe" C:\Users\Administrator\Desktop\AR-WIN-2\Administrator{6B7A8EA0-B763-65C3-1442-0F0000000000}0xf42142HighMD5=5B44F064C41A5AEF381D088CA1DA4EA9,SHA256=3F498F307754573E23555DC370ED7CA01B4485A1137C873B0012C1A6E8BC6228,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{6B7A8EA0-B764-65C3-C900-000000000E03}4932C:\Windows\explorer.exeC:\Windows\Explorer.EXEAR-WIN-2\Administrator 254200x8000000000000000245531Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localT10992024-02-12 16:53:20.670{6B7A8EA0-B764-65C3-C900-000000000E03}4932C:\Windows\Explorer.EXEC:\Users\Administrator\Desktop\SOAPHound.exe2024-01-26 14:01:30.0002024-02-12 16:53:20.650AR-WIN-2\Administrator 11241100x8000000000000000245530Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localEXE2024-02-12 16:53:20.650{6B7A8EA0-B764-65C3-C900-000000000E03}4932C:\Windows\Explorer.EXEC:\Users\Administrator\Desktop\SOAPHound.exe2024-02-12 16:53:20.650AR-WIN-2\Administrator