154100x8000000000000000148297242Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-05-25 13:24:40.465{2897A50F-6198-646F-CA2D-00000000CE02}6864C:\Windows\System32\ldifde.exe10.0.14393.0 (rs1_release.160715-1616)NT5DSMicrosoft® Windows® Operating SystemMicrosoft Corporationldifde.exeldifde.exe -f C:\Windows\temp\atomic_ldifde.txt -p subtreeC:\Users\ADMINI~1\AppData\Local\Temp\ATTACKRANGE\Administrator{2897A50F-6040-646F-024E-E30500000000}0x5e34e022HighMD5=51BBF7AA4242A7E0C56ED4704AE94E58,SHA256=B1FDBDE11B6DAC3E4B69702040083FAD2A02B8BDFECBFA5AFDE9890D70A4DFCD{2897A50F-6198-646F-C82D-00000000CE02}5228C:\Windows\System32\cmd.exe"cmd.exe" /c "ldifde.exe -f C:\Windows\temp\atomic_ldifde.txt -p subtree"ATTACKRANGE\Administrator
154100x8000000000000000148297167Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-05-25 13:24:40.167{2897A50F-6198-646F-C92D-00000000CE02}6376C:\Windows\System32\conhost.exe10.0.14393.0 (rs1_release.160715-1616)Console Window HostMicrosoft® Windows® Operating SystemMicrosoft CorporationCONHOST.EXE\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1C:\WindowsATTACKRANGE\Administrator{2897A50F-6040-646F-024E-E30500000000}0x5e34e022HighMD5=D752C96401E2540A443C599154FC6FA9,SHA256=046F7A1B4DE67562547ED9A180A72F481FC41E803DE49A96D7D7C731964D53A0{2897A50F-6198-646F-C82D-00000000CE02}5228C:\Windows\System32\cmd.exe"cmd.exe" /c "ldifde.exe -f C:\Windows\temp\atomic_ldifde.txt -p subtree"ATTACKRANGE\Administrator
154100x8000000000000000148297132Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-05-25 13:24:40.141{2897A50F-6198-646F-C82D-00000000CE02}5228C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"cmd.exe" /c "ldifde.exe -f C:\Windows\temp\atomic_ldifde.txt -p subtree"C:\Users\ADMINI~1\AppData\Local\Temp\ATTACKRANGE\Administrator{2897A50F-6040-646F-024E-E30500000000}0x5e34e022HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{2897A50F-6127-646F-B22D-00000000CE02}5036C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ATTACKRANGE\Administrator
154100x8000000000000000148258083Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-05-25 13:20:11.570{2897A50F-608B-646F-A02D-00000000CE02}6352C:\Windows\System32\ldifde.exe10.0.14393.0 (rs1_release.160715-1616)NT5DSMicrosoft® Windows® Operating SystemMicrosoft Corporationldifde.exeldifde.exe -f c:\windows\temp\InvokeUserdataErrors.log -p subtreeC:\Users\Administrator\ATTACKRANGE\Administrator{2897A50F-6040-646F-024E-E30500000000}0x5e34e022HighMD5=51BBF7AA4242A7E0C56ED4704AE94E58,SHA256=B1FDBDE11B6DAC3E4B69702040083FAD2A02B8BDFECBFA5AFDE9890D70A4DFCD{2897A50F-6050-646F-7C2D-00000000CE02}5868C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" ATTACKRANGE\Administrator
154100x8000000000000000148256048Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-05-25 13:19:39.263{2897A50F-606B-646F-9C2D-00000000CE02}6696C:\Windows\System32\ldifde.exe10.0.14393.0 (rs1_release.160715-1616)NT5DSMicrosoft® Windows® Operating SystemMicrosoft Corporationldifde.exeldifde.exe -f c:\windows\temp\InvokeUserdataErrors.log C:\Users\Administrator\ATTACKRANGE\Administrator{2897A50F-6040-646F-024E-E30500000000}0x5e34e022HighMD5=51BBF7AA4242A7E0C56ED4704AE94E58,SHA256=B1FDBDE11B6DAC3E4B69702040083FAD2A02B8BDFECBFA5AFDE9890D70A4DFCD{2897A50F-6050-646F-7C2D-00000000CE02}5868C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" ATTACKRANGE\Administrator
154100x8000000000000000148242950Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-05-25 13:19:15.985{2897A50F-6053-646F-862D-00000000CE02}5192C:\Windows\System32\ldifde.exe10.0.14393.0 (rs1_release.160715-1616)NT5DSMicrosoft® Windows® Operating SystemMicrosoft Corporationldifde.exeldifdeC:\Users\Administrator\ATTACKRANGE\Administrator{2897A50F-6040-646F-024E-E30500000000}0x5e34e022HighMD5=51BBF7AA4242A7E0C56ED4704AE94E58,SHA256=B1FDBDE11B6DAC3E4B69702040083FAD2A02B8BDFECBFA5AFDE9890D70A4DFCD{2897A50F-6050-646F-7C2D-00000000CE02}5868C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" ATTACKRANGE\Administrator