Sysmon events from ar-win-2.attackrange.local (channel Microsoft-Windows-Sysmon/Operational), newest first. Each record below is one event, rendered one field per line in the order the Sysmon event schema emits them.

[EventID 12 RegistryEvent (CreateKey), EventRecordID 206701]
  Version=2  Level=4  Task=12  Opcode=0  Keywords=0x8000000000000000
  Channel=Microsoft-Windows-Sysmon/Operational
  Computer=ar-win-2.attackrange.local
  RuleName=-
  EventType=CreateKey
  UtcTime=2023-11-08 21:00:29.585
  ProcessGuid={6CA7D817-C8F8-654B-BB22-000000000A03}
  ProcessId=2608
  Image=C:\Windows\Explorer.EXE
  TargetObject=HKU\S-1-5-21-1570081662-2631104095-3404167468-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cab\OpenWithList
  User=AR-WIN-2\Administrator

[EventID 13 RegistryEvent (SetValue), EventRecordID 206698]
  Version=2  Level=4  Task=13  Opcode=0  Keywords=0x8000000000000000
  Channel=Microsoft-Windows-Sysmon/Operational
  Computer=ar-win-2.attackrange.local
  RuleName=-
  EventType=SetValue
  UtcTime=2023-11-08 21:00:29.585
  ProcessGuid={6CA7D817-C8F8-654B-BB22-000000000A03}
  ProcessId=2608
  Image=C:\Windows\Explorer.EXE
  TargetObject=HKU\S-1-5-21-1570081662-2631104095-3404167468-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cab\OpenWithProgids\CABFolder
  Details=Binary Data
  User=AR-WIN-2\Administrator

[EventID 12 RegistryEvent (CreateKey), EventRecordID 206697]
  Version=2  Level=4  Task=12  Opcode=0  Keywords=0x8000000000000000
  Channel=Microsoft-Windows-Sysmon/Operational
  Computer=ar-win-2.attackrange.local
  RuleName=-
  EventType=CreateKey
  UtcTime=2023-11-08 21:00:29.585
  ProcessGuid={6CA7D817-C8F8-654B-BB22-000000000A03}
  ProcessId=2608
  Image=C:\Windows\Explorer.EXE
  TargetObject=HKU\S-1-5-21-1570081662-2631104095-3404167468-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cab\OpenWithProgids
  User=AR-WIN-2\Administrator

[EventID 11 FileCreate, EventRecordID 204866]
  Version=2  Level=4  Task=11  Opcode=0  Keywords=0x8000000000000000
  Channel=Microsoft-Windows-Sysmon/Operational
  Computer=ar-win-2.attackrange.local
  RuleName=-
  UtcTime=2023-11-08 20:59:31.379
  ProcessGuid={6CA7D817-C8F8-654B-BB22-000000000A03}
  ProcessId=2608
  Image=C:\Windows\Explorer.EXE
  TargetFilename=C:\Users\Administrator\Desktop\thisisyourinvoice.cab
  CreationUtcTime=2023-11-08 20:59:31.379
  User=AR-WIN-2\Administrator

[EventID 1 ProcessCreate, EventRecordID 24270]
  Version=5  Level=4  Task=1  Opcode=0  Keywords=0x8000000000000000
  Channel=Microsoft-Windows-Sysmon/Operational
  Computer=ar-win-2.attackrange.local
  RuleName=-
  UtcTime=2023-11-08 19:16:33.170
  ProcessGuid={6CA7D817-DE91-654B-7125-000000000A03}
  ProcessId=2080
  Image=C:\Windows\System32\conhost.exe
  FileVersion=10.0.14393.0 (rs1_release.160715-1616)
  Description=Console Window Host
  Product=Microsoft® Windows® Operating System
  Company=Microsoft Corporation
  OriginalFileName=CONHOST.EXE
  CommandLine=\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  CurrentDirectory=C:\Windows
  User=AR-WIN-2\Administrator
  LogonGuid={6CA7D817-C8F6-654B-7D62-110200000000}
  LogonId=0x211627d2
  IntegrityLevel=High
  Hashes=MD5=D752C96401E2540A443C599154FC6FA9,SHA256=046F7A1B4DE67562547ED9A180A72F481FC41E803DE49A96D7D7C731964D53A0
  ParentProcessGuid={6CA7D817-DE91-654B-7025-000000000A03}
  ParentProcessId=3760
  ParentImage=C:\Windows\SysWOW64\expand.exe
  ParentCommandLine="C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files
  ParentUser=AR-WIN-2\Administrator

[EventID 1 ProcessCreate, EventRecordID 24253]
  Version=5  Level=4  Task=1  Opcode=0  Keywords=0x8000000000000000
  Channel=Microsoft-Windows-Sysmon/Operational
  Computer=ar-win-2.attackrange.local
  RuleName=-
  UtcTime=2023-11-08 19:16:33.159
  ProcessGuid={6CA7D817-DE91-654B-7025-000000000A03}
  ProcessId=3760
  Image=C:\Windows\SysWOW64\expand.exe
  FileVersion=5.00 (rs1_release.160715-1616)
  Description=LZ Expansion Utility
  Product=Microsoft® Windows® Operating System
  Company=Microsoft Corporation
  OriginalFileName=expand
  CommandLine="C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files
  CurrentDirectory=C:\Users\ADMINI~1\AppData\Local\Temp\MW-180f9688-8ac3-4403-88a4-5a09c8ffa5e1\
  User=AR-WIN-2\Administrator
  LogonGuid={6CA7D817-C8F6-654B-7D62-110200000000}
  LogonId=0x211627d2
  IntegrityLevel=High
  Hashes=MD5=C5A28F44F47524452C188ED74E754095,SHA256=8082B8A2CE8DFCA365A669CE94C439E91D2D5291A513702C0FC93273F2CF9C9C
  ParentProcessGuid={6CA7D817-DE8F-654B-6D25-000000000A03}
  ParentProcessId=5348
  ParentImage=C:\Windows\SysWOW64\msiexec.exe
  ParentCommandLine=C:\Windows\syswow64\MsiExec.exe -Embedding F6223A6898B62DCDD086283F6AE20858
  ParentUser=AR-WIN-2\Administrator

[EventID 11 FileCreate, EventRecordID 23695]
  Version=2  Level=4  Task=11  Opcode=0  Keywords=0x8000000000000000
  Channel=Microsoft-Windows-Sysmon/Operational
  Computer=ar-win-2.attackrange.local
  RuleName=-
  UtcTime=2023-11-08 19:16:32.368
  ProcessGuid={6CA7D817-DE8F-654B-6D25-000000000A03}
  ProcessId=5348
  Image=C:\Windows\syswow64\MsiExec.exe
  TargetFilename=C:\Users\ADMINI~1\AppData\Local\Temp\MW-180f9688-8ac3-4403-88a4-5a09c8ffa5e1\files.cab
  CreationUtcTime=2023-11-08 19:16:32.368
  User=AR-WIN-2\Administrator
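The records above chain together in two ways a detection engineer would want to see expressed as logic rather than read by eye: msiexec.exe (PID 5348) writes files.cab into a Temp directory (EventID 11) and, 0.791 s later, the same process spawns expand.exe against that cab (EventID 1, correlated through ProcessGuid == ParentProcessGuid); separately, Explorer writes the FileExts\.cab\OpenWith* keys (EventIDs 12/13), the artifact left when the interactive user opens a .cab from the shell. The Python below is an added example, not part of the original log export or of any detection-content project: it embeds the page's events as dicts (reduced to the fields the rules need; field names are Sysmon's own) and runs both rules over them. The 60-second window and the record-ID output format are choices of this example.

```python
"""Added example: correlation rules run over the Sysmon events on this page."""
from datetime import datetime

# Events copied from the page, reduced to the fields the rules below need.
EVENTS = [
    {"EventID": 11, "EventRecordID": 23695, "UtcTime": "2023-11-08 19:16:32.368",
     "ProcessGuid": "{6CA7D817-DE8F-654B-6D25-000000000A03}", "ProcessId": 5348,
     "Image": r"C:\Windows\syswow64\MsiExec.exe",
     "TargetFilename": r"C:\Users\ADMINI~1\AppData\Local\Temp\MW-180f9688-8ac3-4403-88a4-5a09c8ffa5e1\files.cab"},
    {"EventID": 1, "EventRecordID": 24253, "UtcTime": "2023-11-08 19:16:33.159",
     "ProcessGuid": "{6CA7D817-DE91-654B-7025-000000000A03}", "ProcessId": 3760,
     "Image": r"C:\Windows\SysWOW64\expand.exe",
     "CommandLine": r'"C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files',
     "ParentProcessGuid": "{6CA7D817-DE8F-654B-6D25-000000000A03}",
     "ParentImage": r"C:\Windows\SysWOW64\msiexec.exe"},
    {"EventID": 1, "EventRecordID": 24270, "UtcTime": "2023-11-08 19:16:33.170",
     "ProcessGuid": "{6CA7D817-DE91-654B-7125-000000000A03}", "ProcessId": 2080,
     "Image": r"C:\Windows\System32\conhost.exe",
     "CommandLine": r"\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1",
     "ParentProcessGuid": "{6CA7D817-DE91-654B-7025-000000000A03}",
     "ParentImage": r"C:\Windows\SysWOW64\expand.exe"},
    {"EventID": 11, "EventRecordID": 204866, "UtcTime": "2023-11-08 20:59:31.379",
     "ProcessGuid": "{6CA7D817-C8F8-654B-BB22-000000000A03}", "ProcessId": 2608,
     "Image": r"C:\Windows\Explorer.EXE",
     "TargetFilename": r"C:\Users\Administrator\Desktop\thisisyourinvoice.cab"},
    {"EventID": 12, "EventRecordID": 206697, "UtcTime": "2023-11-08 21:00:29.585",
     "ProcessGuid": "{6CA7D817-C8F8-654B-BB22-000000000A03}", "Image": r"C:\Windows\Explorer.EXE",
     "EventType": "CreateKey",
     "TargetObject": r"HKU\S-1-5-21-1570081662-2631104095-3404167468-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cab\OpenWithProgids"},
    {"EventID": 13, "EventRecordID": 206698, "UtcTime": "2023-11-08 21:00:29.585",
     "ProcessGuid": "{6CA7D817-C8F8-654B-BB22-000000000A03}", "Image": r"C:\Windows\Explorer.EXE",
     "EventType": "SetValue", "Details": "Binary Data",
     "TargetObject": r"HKU\S-1-5-21-1570081662-2631104095-3404167468-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cab\OpenWithProgids\CABFolder"},
    {"EventID": 12, "EventRecordID": 206701, "UtcTime": "2023-11-08 21:00:29.585",
     "ProcessGuid": "{6CA7D817-C8F8-654B-BB22-000000000A03}", "Image": r"C:\Windows\Explorer.EXE",
     "EventType": "CreateKey",
     "TargetObject": r"HKU\S-1-5-21-1570081662-2631104095-3404167468-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cab\OpenWithList"},
]


def _ts(s):
    """Parse a Sysmon UtcTime string (milliseconds after the dot)."""
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S.%f")


def _base(path):
    """Lower-cased final path component of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def cab_drop_then_expand(events, window_seconds=60):
    """Rule 1 (correlation): a process writes a .cab (EventID 11) and then, as the
    parent (ProcessGuid == child's ParentProcessGuid), spawns expand.exe (EventID 1)
    whose command line names that .cab within window_seconds. A .cab written by a
    process that never expands it (e.g. the Desktop drop on this page) does not fire."""
    hits = []
    drops = [e for e in events
             if e["EventID"] == 11 and _base(e["TargetFilename"]).endswith(".cab")]
    for drop in drops:
        cab = _base(drop["TargetFilename"])
        for proc in events:
            if proc["EventID"] != 1 or _base(proc["Image"]) != "expand.exe":
                continue
            if proc.get("ParentProcessGuid") != drop["ProcessGuid"]:
                continue
            if cab not in proc["CommandLine"].lower():
                continue
            delta = (_ts(proc["UtcTime"]) - _ts(drop["UtcTime"])).total_seconds()
            if 0 <= delta <= window_seconds:
                hits.append({"dropper": drop["Image"], "cab": cab, "seconds": delta,
                             "drop_record": drop["EventRecordID"],
                             "expand_record": proc["EventRecordID"]})
    return hits


def cab_open_with_writes(events):
    r"""Rule 2 (forensic artifact): Explorer writing the user's
    ...\Explorer\FileExts\.cab\OpenWith* keys (EventID 12/13) records that the
    interactive user opened a .cab from the shell. Returns the matching record IDs."""
    marker = r"\explorer\fileexts\.cab\openwith"
    return sorted(e["EventRecordID"] for e in events
                  if e["EventID"] in (12, 13) and _base(e["Image"]) == "explorer.exe"
                  and marker in e["TargetObject"].lower())


if __name__ == "__main__":
    for h in cab_drop_then_expand(EVENTS):
        print(f"[cab-drop-then-expand] {h['dropper']} wrote {h['cab']} and spawned "
              f"expand.exe {h['seconds']:.3f}s later "
              f"(records {h['drop_record']} -> {h['expand_record']})")
    print("[cab-opened-via-explorer] registry records:", cab_open_with_writes(EVENTS))
```

Rule 1 deliberately keys on ProcessGuid rather than ProcessId, because PIDs are reused and the page's own events show why the parent/child link matters: conhost.exe (record 24270) is also a child in this tree, but its parent is expand.exe, not the cab writer, so it is correctly ignored. Rule 2 is an artifact, not a verdict: it tells you the user opened a .cab, which is the pivot that turns the thisisyourinvoice.cab FileCreate into something worth looking at.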