4688201331200x80200000000000001515496Securitywin-dc-mhaag-attack-range-622.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x1cfe160x16d8C:\Program Files\Internet Explorer\iexplore.exe%%19360x1424"C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1105/T1105.mdNULL SID--0x0C:\Windows\explorer.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000001515495Securitywin-dc-mhaag-attack-range-622.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MHAAG-AT$ATTACKRANGE0x3e70x1424C:\Windows\explorer.exe%%19360x348C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -EmbeddingATTACKRANGE\AdministratoradministratorATTACKRANGE0x1cfe16C:\Windows\System32\svchost.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000001515494Securitywin-dc-mhaag-attack-range-622.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x1cfe160x10d0C:\Windows\explorer.exe%%19360x8f4explorer.exe https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1105/T1105.mdNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000001510004Securitywin-dc-mhaag-attack-range-622.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x1cfe160x1e90C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe%%19360x1a3c"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-Command" "if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & 'C:\Users\Administrator\Desktop\blackhat-usa-2022-demos-main\common.ps1'"NULL SID--0x0C:\Windows\explorer.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000001508786Securitywin-dc-mhaag-attack-range-622.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x1cfe160xbe8C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe%%19360x1a3c"C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe" NULL SID--0x0C:\Windows\explorer.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000001507834Securitywin-dc-mhaag-attack-range-622.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x1cfe160x159cC:\Users\Administrator\Downloads\LIVE_BEARD.exe%%19360x1a3c"C:\Users\Administrator\Downloads\LIVE_BEARD.exe" NULL SID--0x0C:\Windows\explorer.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000001507412Securitywin-dc-mhaag-attack-range-622.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x1cfe160x8f4C:\Windows\System32\cmd.exe%%19360x1a3c"C:\Windows\system32\cmd.exe" NULL SID--0x0C:\Windows\explorer.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000001503708Securitywin-dc-mhaag-attack-range-622.attackrange.localATTACKRANGE\AdministratoradministratorATTACKRANGE0x1cfe160xd34C:\Users\Administrator\Downloads\LIVE_BEARD.exe%%19360x1a3c"C:\Users\Administrator\Downloads\LIVE_BEARD.exe" NULL SID--0x0C:\Windows\explorer.exeMandatory Label\High Mandatory Level