154100x80000000000000009418967Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-2022-05-04 20:35:50.166{FA0EBB31-E3A6-6272-B25C-000000004E02}3084C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" create DellVuln binpath= C:\temp\dell.sys type= kernel start= auto displayname= dellvulnC:\Users\Administrator\Downloads\PowerSploit-master\PowerSploit-master\ATTACKRANGE\Administrator{FA0EBB31-D6BA-626F-C58C-150000000000}0x158cc52HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF{FA0EBB31-D6C1-626F-0701-000000004E02}5388C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ATTACKRANGE\Administrator 154100x8000000000000000725042Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-803-2022-04-28 18:45:53.314{5B5DB6BA-E0E1-626A-BA01-000000004D02}2872C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exesc.exe create COMBroker binpath= C:\Windows\System32\drivers\combroker.sys type= kernel start= auto displayname= "Atomic Red Team Driver" C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\WIN-HOST-MHAAG-\Administrator{5B5DB6BA-DFA6-626A-9165-1E0000000000}0x1e65912HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF{5B5DB6BA-E0E1-626A-B701-000000004D02}1036C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\install.bat" WIN-HOST-MHAAG-\Administrator 154100x8000000000000000675746Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-2022-04-28 18:41:50.335{FA0EBB31-DFEE-626A-2402-000000004C02}3200C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exesc.exe create COMBroker binpath= C:\Windows\System32\drivers\combroker.sys type= kernel start= auto displayname= "Atomic Red Team Driver" C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package\ATTACKRANGE\Administrator{FA0EBB31-DC7A-626A-2295-150000000000}0x1595222HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF{FA0EBB31-DFEE-626A-2102-000000004C02}6072C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package\install.bat" ATTACKRANGE\Administrator 154100x8000000000000000674063Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-2022-04-28 18:41:38.750{FA0EBB31-DFE2-626A-1402-000000004C02}4688C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exesc.exe create combo12 binpath= "C:\ProgramData\combo12.sys" type= kernel start= auto displayname= "combo12" C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\ATTACKRANGE\Administrator{FA0EBB31-DC7A-626A-2295-150000000000}0x1595222HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF{FA0EBB31-DFE2-626A-1302-000000004C02}2248C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\install.bat""ATTACKRANGE\Administrator 154100x8000000000000000663436Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-2022-04-28 18:34:08.493{FA0EBB31-DE20-626A-9F01-000000004C02}4340C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exesc.exe create combo12 binpath= "C:\ProgramData\combo12.sys" type= kernel start= auto displayname= "combo12" C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\ATTACKRANGE\Administrator{FA0EBB31-DC7A-626A-2295-150000000000}0x1595222HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF{FA0EBB31-DE20-626A-9E01-000000004C02}5652C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\install.bat""ATTACKRANGE\Administrator 154100x8000000000000000661843Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-2022-04-28 18:32:57.171{FA0EBB31-DDD9-626A-9101-000000004C02}604C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exesc.exe create Atomi3222 binpath= "C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\combo2.sys" type= kernel start= auto displayname= "Atomi3222" C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\ATTACKRANGE\Administrator{FA0EBB31-DC7A-626A-2295-150000000000}0x1595222HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF{FA0EBB31-DDD9-626A-9001-000000004C02}4768C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\install.bat""ATTACKRANGE\Administrator 154100x8000000000000000660963Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-2022-04-28 18:32:16.783{FA0EBB31-DDB0-626A-8401-000000004C02}2700C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exesc.exe create Atomi322 binpath= "C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\combo.sys" type= kernel start= auto displayname= "Atomi322" C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\ATTACKRANGE\Administrator{FA0EBB31-DC7A-626A-2295-150000000000}0x1595222HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF{FA0EBB31-DDB0-626A-8301-000000004C02}3164C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\install.bat""ATTACKRANGE\Administrator 154100x8000000000000000659467Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-2022-04-28 18:31:15.707{FA0EBB31-DD73-626A-7501-000000004C02}4216C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exesc.exe create Atomic23 binpath= "C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\combo.sys" type= kernel start= auto displayname= "combo Team Driver" C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\ATTACKRANGE\Administrator{FA0EBB31-DC7A-626A-2295-150000000000}0x1595222HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF{FA0EBB31-DD73-626A-7301-000000004C02}5468C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\install.bat" ATTACKRANGE\Administrator 154100x8000000000000000659116Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-2022-04-28 18:30:40.000{FA0EBB31-DD50-626A-6E01-000000004C02}5168C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exesc.exe create Atomic2 binpath= "C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\combo.sys" type= kernel start= auto displayname= "combo Team Driver" C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\ATTACKRANGE\Administrator{FA0EBB31-DC7A-626A-2295-150000000000}0x1595222HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF{FA0EBB31-DD4F-626A-6C01-000000004C02}4484C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\install.bat" ATTACKRANGE\Administrator 154100x8000000000000000657363Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-2022-04-28 18:29:52.322{FA0EBB31-DD20-626A-5D01-000000004C02}4244C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exesc.exe create Atomic binpath= "C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\combo.sys" type= kernel start= auto displayname= "combo Team Driver" C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\ATTACKRANGE\Administrator{FA0EBB31-DC7A-626A-2295-150000000000}0x1595222HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF{FA0EBB31-DD20-626A-5B01-000000004C02}4736C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\install.bat" ATTACKRANGE\Administrator 154100x8000000000000000656882Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-2022-04-28 18:29:24.189{FA0EBB31-DD04-626A-5401-000000004C02}6112C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exesc.exe create Atomic binpath= C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\combo.sys type= kernel start= auto displayname= "combo Team Driver" C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\ATTACKRANGE\Administrator{FA0EBB31-DC7A-626A-2295-150000000000}0x1595222HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF{FA0EBB31-DD04-626A-5201-000000004C02}1408C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\install.bat" ATTACKRANGE\Administrator 154100x8000000000000000656391Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-2022-04-28 18:29:21.346{FA0EBB31-DD01-626A-4801-000000004C02}4196C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exesc.exe create Atomic binpath= C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\combo.sys type= kernel start= auto displayname= "combo Team Driver" C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\ATTACKRANGE\Administrator{FA0EBB31-DC7A-626A-2295-150000000000}0x1595222HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF{FA0EBB31-DD01-626A-4601-000000004C02}5608C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\install.bat" "ATTACKRANGE\Administrator 154100x8000000000000000651764Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-270.attackrange.local-2022-04-28 18:27:38.216{FA0EBB31-DC9A-626A-3401-000000004C02}5664C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exesc.exe create COMBroker binpath= C:\Windows\System32\drivers\combroker.sys type= kernel start= auto displayname= "Atomic Red Team Driver" C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\ATTACKRANGE\Administrator{FA0EBB31-DC7A-626A-2295-150000000000}0x1595222HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF{FA0EBB31-DC9A-626A-3101-000000004C02}4524C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\install.bat" ATTACKRANGE\Administrator