154100x8000000000000000530958079Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:15.400{EF490992-6617-64FF-34CB-01000000DE02}9892C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5636 --field-trial-handle=1644,i,8443704113184521901,11956835959340022079,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6613-64FF-1FCB-01000000DE02}7812C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530958063Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:15.397{EF490992-6617-64FF-33CB-01000000DE02}4736C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5324 --field-trial-handle=1644,i,8443704113184521901,11956835959340022079,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6613-64FF-1FCB-01000000DE02}7812C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530958043Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:15.393{EF490992-6617-64FF-32CB-01000000DE02}11784C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5164 --field-trial-handle=1644,i,8443704113184521901,11956835959340022079,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6613-64FF-1FCB-01000000DE02}7812C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530958030Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:15.388{EF490992-6617-64FF-31CB-01000000DE02}10720C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5144 --field-trial-handle=1644,i,8443704113184521901,11956835959340022079,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6613-64FF-1FCB-01000000DE02}7812C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530958014Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:15.380{EF490992-6617-64FF-30CB-01000000DE02}11688C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4324 --field-trial-handle=1644,i,8443704113184521901,11956835959340022079,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6613-64FF-1FCB-01000000DE02}7812C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530957931Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:15.327{EF490992-6617-64FF-2FCB-01000000DE02}11896C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=3060 --field-trial-handle=1644,i,8443704113184521901,11956835959340022079,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6613-64FF-1FCB-01000000DE02}7812C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530957897Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:15.307{EF490992-6617-64FF-2ECB-01000000DE02}10408C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --noerrdialogs --mojo-platform-channel-handle=4276 --field-trial-handle=1644,i,8443704113184521901,11956835959340022079,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6613-64FF-1FCB-01000000DE02}7812C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530957876Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:15.294{EF490992-6617-64FF-2DCB-01000000DE02}11768C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --noerrdialogs --mojo-platform-channel-handle=3104 --field-trial-handle=1644,i,8443704113184521901,11956835959340022079,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6613-64FF-1FCB-01000000DE02}7812C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530957624Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:12.755{EF490992-6614-64FF-2CCB-01000000DE02}7340C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --time-ticks-at-unix-epoch=-1693927024659016 --launch-time-ticks=532388094162 --mojo-platform-channel-handle=4264 --field-trial-handle=1644,i,8443704113184521901,11956835959340022079,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6613-64FF-1FCB-01000000DE02}7812C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530957495Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:12.155{EF490992-6614-64FF-2BCB-01000000DE02}8512C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4540 --field-trial-handle=1644,i,8443704113184521901,11956835959340022079,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6613-64FF-1FCB-01000000DE02}7812C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530957413Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:12.030{EF490992-6614-64FF-2ACB-01000000DE02}9176C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --time-ticks-at-unix-epoch=-1693927024659016 --launch-time-ticks=532387365948 --mojo-platform-channel-handle=4652 --field-trial-handle=1644,i,8443704113184521901,11956835959340022079,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6613-64FF-1FCB-01000000DE02}7812C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530957404Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:12.022{EF490992-6614-64FF-29CB-01000000DE02}7368C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4272 --field-trial-handle=1644,i,8443704113184521901,11956835959340022079,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6613-64FF-1FCB-01000000DE02}7812C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530957249Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:11.733{EF490992-6613-64FF-28CB-01000000DE02}12196C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4276 --field-trial-handle=1644,i,8443704113184521901,11956835959340022079,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6613-64FF-1FCB-01000000DE02}7812C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530957188Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:11.676{EF490992-6613-64FF-27CB-01000000DE02}1996C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=3360 --field-trial-handle=1644,i,8443704113184521901,11956835959340022079,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6613-64FF-1FCB-01000000DE02}7812C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530957109Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:11.612{EF490992-6613-64FF-26CB-01000000DE02}10552C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1693927024659016 --launch-time-ticks=532386952058 --mojo-platform-channel-handle=3076 --field-trial-handle=1644,i,8443704113184521901,11956835959340022079,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6613-64FF-1FCB-01000000DE02}7812C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530957097Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:11.605{EF490992-6613-64FF-25CB-01000000DE02}3244C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --first-renderer-process --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1693927024659016 --launch-time-ticks=532386941972 --mojo-platform-channel-handle=2928 --field-trial-handle=1644,i,8443704113184521901,11956835959340022079,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6613-64FF-1FCB-01000000DE02}7812C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530956918Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:11.464{EF490992-6613-64FF-24CB-01000000DE02}12212C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=1916 --field-trial-handle=1644,i,8443704113184521901,11956835959340022079,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6613-64FF-1FCB-01000000DE02}7812C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530956851Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:11.417{EF490992-6613-64FF-23CB-01000000DE02}12184C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --mojo-platform-channel-handle=1792 --field-trial-handle=1644,i,8443704113184521901,11956835959340022079,262144 --disable-features=PaintHolding /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6613-64FF-1FCB-01000000DE02}7812C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530956838Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:11.410{EF490992-6613-64FF-22CB-01000000DE02}6228C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless=new --noerrdialogs --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1640 --field-trial-handle=1644,i,8443704113184521901,11956835959340022079,262144 --disable-features=PaintHolding /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6613-64FF-1FCB-01000000DE02}7812C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530956673Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:11.204{EF490992-6613-64FF-21CB-01000000DE02}12240C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=116.0.5845.180 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=116.0.1938.76 --initial-client-data=0xe4,0xe8,0xec,0xa0,0xf4,0x7ffb6a5072c0,0x7ffb6a5072d0,0x7ffb6a5072e0C:\Program Files (x86)\Microsoft\Edge\Application\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6613-64FF-1FCB-01000000DE02}7812C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530956595Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:11.159{EF490992-6613-64FF-1FCB-01000000DE02}7812C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 C:\Users\Administrator\Desktop\11719307473\749533eef943e019e1f6ccf61f36cc0939f7aa0c730bac84467d83441a0584f0~\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-DCBF-64F9-0352-00000000DE02}6348C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\ProgramData\b207a288-3e1f-42cc-baed-709385117200.bat" "MSWIN-SERVER\Administrator 154100x8000000000000000530955116Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:04.001{EF490992-660C-64FF-1CCB-01000000DE02}10328C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=2968 --field-trial-handle=1628,i,3423559000576307078,1501324364119575371,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6607-64FF-05CB-01000000DE02}10956C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530954988Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:03.935{EF490992-660B-64FF-1BCB-01000000DE02}12228C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5480 --field-trial-handle=1628,i,3423559000576307078,1501324364119575371,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6607-64FF-05CB-01000000DE02}10956C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530954946Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:03.899{EF490992-660B-64FF-1ACB-01000000DE02}11580C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5316 --field-trial-handle=1628,i,3423559000576307078,1501324364119575371,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6607-64FF-05CB-01000000DE02}10956C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530954915Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:03.893{EF490992-660B-64FF-19CB-01000000DE02}856C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5168 --field-trial-handle=1628,i,3423559000576307078,1501324364119575371,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6607-64FF-05CB-01000000DE02}10956C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530954904Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:03.887{EF490992-660B-64FF-18CB-01000000DE02}3824C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4348 --field-trial-handle=1628,i,3423559000576307078,1501324364119575371,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6607-64FF-05CB-01000000DE02}10956C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530954855Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:03.831{EF490992-660B-64FF-17CB-01000000DE02}3884C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5060 --field-trial-handle=1628,i,3423559000576307078,1501324364119575371,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6607-64FF-05CB-01000000DE02}10956C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530954843Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:03.824{EF490992-660B-64FF-16CB-01000000DE02}8140C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --noerrdialogs --mojo-platform-channel-handle=4948 --field-trial-handle=1628,i,3423559000576307078,1501324364119575371,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6607-64FF-05CB-01000000DE02}10956C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530954820Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:03.809{EF490992-660B-64FF-15CB-01000000DE02}12104C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --noerrdialogs --mojo-platform-channel-handle=4932 --field-trial-handle=1628,i,3423559000576307078,1501324364119575371,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6607-64FF-05CB-01000000DE02}10956C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530953583Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:00.804{EF490992-6608-64FF-14CB-01000000DE02}12204C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --time-ticks-at-unix-epoch=-1693927024658463 --launch-time-ticks=532376129836 --mojo-platform-channel-handle=4812 --field-trial-handle=1628,i,3423559000576307078,1501324364119575371,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6607-64FF-05CB-01000000DE02}10956C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530953358Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:00.283{EF490992-6608-64FF-13CB-01000000DE02}11892C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4588 --field-trial-handle=1628,i,3423559000576307078,1501324364119575371,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6607-64FF-05CB-01000000DE02}10956C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530953260Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:00.043{EF490992-6608-64FF-10CB-01000000DE02}11208C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --time-ticks-at-unix-epoch=-1693927024658463 --launch-time-ticks=532375376163 --mojo-platform-channel-handle=4412 --field-trial-handle=1628,i,3423559000576307078,1501324364119575371,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6607-64FF-05CB-01000000DE02}10956C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530953251Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:10:00.029{EF490992-6608-64FF-0FCB-01000000DE02}12048C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4292 --field-trial-handle=1628,i,3423559000576307078,1501324364119575371,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6607-64FF-05CB-01000000DE02}10956C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530953101Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:09:59.729{EF490992-6607-64FF-0ECB-01000000DE02}11140C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4288 --field-trial-handle=1628,i,3423559000576307078,1501324364119575371,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6607-64FF-05CB-01000000DE02}10956C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530953064Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:09:59.685{EF490992-6607-64FF-0DCB-01000000DE02}8664C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=3352 --field-trial-handle=1628,i,3423559000576307078,1501324364119575371,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6607-64FF-05CB-01000000DE02}10956C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530952986Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:09:59.594{EF490992-6607-64FF-0CCB-01000000DE02}8912C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1693927024658463 --launch-time-ticks=532374934262 --mojo-platform-channel-handle=3096 --field-trial-handle=1628,i,3423559000576307078,1501324364119575371,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6607-64FF-05CB-01000000DE02}10956C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530952977Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:09:59.590{EF490992-6607-64FF-0BCB-01000000DE02}12024C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --first-renderer-process --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1693927024658463 --launch-time-ticks=532374927145 --mojo-platform-channel-handle=2932 --field-trial-handle=1628,i,3423559000576307078,1501324364119575371,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6607-64FF-05CB-01000000DE02}10956C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530952802Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:09:59.423{EF490992-6607-64FF-0ACB-01000000DE02}11360C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=1928 --field-trial-handle=1628,i,3423559000576307078,1501324364119575371,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6607-64FF-05CB-01000000DE02}10956C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530952732Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:09:59.378{EF490992-6607-64FF-09CB-01000000DE02}9636C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --mojo-platform-channel-handle=1824 --field-trial-handle=1628,i,3423559000576307078,1501324364119575371,262144 --disable-features=PaintHolding /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6607-64FF-05CB-01000000DE02}10956C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530952709Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:09:59.372{EF490992-6607-64FF-08CB-01000000DE02}9096C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless=new --noerrdialogs --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1616 --field-trial-handle=1628,i,3423559000576307078,1501324364119575371,262144 --disable-features=PaintHolding /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6607-64FF-05CB-01000000DE02}10956C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530952557Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:09:59.247{EF490992-6607-64FF-07CB-01000000DE02}3424C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=116.0.5845.180 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=116.0.1938.76 --initial-client-data=0xe4,0xe8,0xec,0xa8,0xf8,0x7ffb6a5072c0,0x7ffb6a5072d0,0x7ffb6a5072e0C:\Program Files (x86)\Microsoft\Edge\Application\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6607-64FF-05CB-01000000DE02}10956C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530952487Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:09:59.196{EF490992-6607-64FF-05CB-01000000DE02}10956C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 C:\Users\Administrator\Desktop\11719307473\749533eef943e019e1f6ccf61f36cc0939f7aa0c730bac84467d83441a0584f0~\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-DCA0-64F9-E751-00000000DE02}6548C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\ProgramData\b207a288-3e1f-42cc-baed-709385117200.bat" "MSWIN-SERVER\Administrator 154100x8000000000000000530935796Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:40.300{EF490992-64C8-64FF-D6CA-01000000DE02}11224C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5304 --field-trial-handle=1596,i,14714346894252044163,12219966959785011226,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64C4-64FF-C1CA-01000000DE02}7976C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530935774Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:40.296{EF490992-64C8-64FF-D5CA-01000000DE02}10560C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5296 --field-trial-handle=1596,i,14714346894252044163,12219966959785011226,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64C4-64FF-C1CA-01000000DE02}7976C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530935744Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:40.275{EF490992-64C8-64FF-D4CA-01000000DE02}8560C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5172 --field-trial-handle=1596,i,14714346894252044163,12219966959785011226,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64C4-64FF-C1CA-01000000DE02}7976C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530935737Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:40.270{EF490992-64C8-64FF-D3CA-01000000DE02}11360C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5156 --field-trial-handle=1596,i,14714346894252044163,12219966959785011226,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64C4-64FF-C1CA-01000000DE02}7976C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530935675Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:40.225{EF490992-64C8-64FF-D2CA-01000000DE02}12156C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4996 --field-trial-handle=1596,i,14714346894252044163,12219966959785011226,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64C4-64FF-C1CA-01000000DE02}7976C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530935640Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:40.192{EF490992-64C8-64FF-D1CA-01000000DE02}10604C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4732 --field-trial-handle=1596,i,14714346894252044163,12219966959785011226,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64C4-64FF-C1CA-01000000DE02}7976C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530935586Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:40.148{EF490992-64C8-64FF-D0CA-01000000DE02}8060C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --noerrdialogs --mojo-platform-channel-handle=3060 --field-trial-handle=1596,i,14714346894252044163,12219966959785011226,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64C4-64FF-C1CA-01000000DE02}7976C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530935565Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:40.139{EF490992-64C8-64FF-CFCA-01000000DE02}6448C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --noerrdialogs --mojo-platform-channel-handle=2948 --field-trial-handle=1596,i,14714346894252044163,12219966959785011226,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64C4-64FF-C1CA-01000000DE02}7976C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530935326Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:37.681{EF490992-64C5-64FF-CECA-01000000DE02}10676C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --time-ticks-at-unix-epoch=-1693927024651794 --launch-time-ticks=532052989855 --mojo-platform-channel-handle=4528 --field-trial-handle=1596,i,14714346894252044163,12219966959785011226,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64C4-64FF-C1CA-01000000DE02}7976C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530935110Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:37.035{EF490992-64C5-64FF-CDCA-01000000DE02}3772C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4388 --field-trial-handle=1596,i,14714346894252044163,12219966959785011226,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64C4-64FF-C1CA-01000000DE02}7976C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530935028Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:36.914{EF490992-64C4-64FF-CCCA-01000000DE02}5820C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --time-ticks-at-unix-epoch=-1693927024651794 --launch-time-ticks=532052255213 --mojo-platform-channel-handle=3928 --field-trial-handle=1596,i,14714346894252044163,12219966959785011226,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64C4-64FF-C1CA-01000000DE02}7976C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530935015Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:36.905{EF490992-64C4-64FF-CBCA-01000000DE02}11512C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4516 --field-trial-handle=1596,i,14714346894252044163,12219966959785011226,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64C4-64FF-C1CA-01000000DE02}7976C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530934897Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:36.677{EF490992-64C4-64FF-CACA-01000000DE02}4552C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4220 --field-trial-handle=1596,i,14714346894252044163,12219966959785011226,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64C4-64FF-C1CA-01000000DE02}7976C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530934820Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:36.613{EF490992-64C4-64FF-C9CA-01000000DE02}5208C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=3732 --field-trial-handle=1596,i,14714346894252044163,12219966959785011226,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64C4-64FF-C1CA-01000000DE02}7976C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530934748Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:36.538{EF490992-64C4-64FF-C8CA-01000000DE02}5140C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1693927024651794 --launch-time-ticks=532051884460 --mojo-platform-channel-handle=2972 --field-trial-handle=1596,i,14714346894252044163,12219966959785011226,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64C4-64FF-C1CA-01000000DE02}7976C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530934738Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:36.531{EF490992-64C4-64FF-C7CA-01000000DE02}9780C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --first-renderer-process --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1693927024651794 --launch-time-ticks=532051870960 --mojo-platform-channel-handle=2936 --field-trial-handle=1596,i,14714346894252044163,12219966959785011226,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64C4-64FF-C1CA-01000000DE02}7976C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530934569Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:36.364{EF490992-64C4-64FF-C6CA-01000000DE02}856C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=1820 --field-trial-handle=1596,i,14714346894252044163,12219966959785011226,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64C4-64FF-C1CA-01000000DE02}7976C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530934493Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:36.321{EF490992-64C4-64FF-C5CA-01000000DE02}11580C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --mojo-platform-channel-handle=1652 --field-trial-handle=1596,i,14714346894252044163,12219966959785011226,262144 --disable-features=PaintHolding /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64C4-64FF-C1CA-01000000DE02}7976C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530934477Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:36.318{EF490992-64C4-64FF-C4CA-01000000DE02}10836C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless=new --noerrdialogs --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1592 --field-trial-handle=1596,i,14714346894252044163,12219966959785011226,262144 --disable-features=PaintHolding /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64C4-64FF-C1CA-01000000DE02}7976C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530934321Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:36.195{EF490992-64C4-64FF-C3CA-01000000DE02}11284C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=116.0.5845.180 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=116.0.1938.76 --initial-client-data=0xe4,0xe8,0xec,0xc0,0xf8,0x7ffb6a5072c0,0x7ffb6a5072d0,0x7ffb6a5072e0C:\Program Files (x86)\Microsoft\Edge\Application\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64C4-64FF-C1CA-01000000DE02}7976C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530934251Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:36.141{EF490992-64C4-64FF-C1CA-01000000DE02}7976C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 C:\Users\Administrator\Desktop\11719307473\749533eef943e019e1f6ccf61f36cc0939f7aa0c730bac84467d83441a0584f0~\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-DCBF-64F9-0352-00000000DE02}6348C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\ProgramData\b207a288-3e1f-42cc-baed-709385117200.bat" "MSWIN-SERVER\Administrator 154100x8000000000000000530933590Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:28.469{EF490992-64BC-64FF-BECA-01000000DE02}9488C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5624 --field-trial-handle=1660,i,11681132374035408386,13728371802711632663,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64B8-64FF-A9CA-01000000DE02}8664C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530933577Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:28.465{EF490992-64BC-64FF-BDCA-01000000DE02}11928C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5468 --field-trial-handle=1660,i,11681132374035408386,13728371802711632663,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64B8-64FF-A9CA-01000000DE02}8664C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530933565Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:28.461{EF490992-64BC-64FF-BCCA-01000000DE02}11212C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5308 --field-trial-handle=1660,i,11681132374035408386,13728371802711632663,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64B8-64FF-A9CA-01000000DE02}8664C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530933552Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:28.456{EF490992-64BC-64FF-BBCA-01000000DE02}10248C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5156 --field-trial-handle=1660,i,11681132374035408386,13728371802711632663,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64B8-64FF-A9CA-01000000DE02}8664C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530933536Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:28.453{EF490992-64BC-64FF-BACA-01000000DE02}11252C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4400 --field-trial-handle=1660,i,11681132374035408386,13728371802711632663,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64B8-64FF-A9CA-01000000DE02}8664C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530933472Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:28.405{EF490992-64BC-64FF-B9CA-01000000DE02}9136C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4904 --field-trial-handle=1660,i,11681132374035408386,13728371802711632663,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64B8-64FF-A9CA-01000000DE02}8664C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530933452Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:28.395{EF490992-64BC-64FF-B8CA-01000000DE02}9720C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --noerrdialogs --mojo-platform-channel-handle=4104 --field-trial-handle=1660,i,11681132374035408386,13728371802711632663,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64B8-64FF-A9CA-01000000DE02}8664C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530933432Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:28.388{EF490992-64BC-64FF-B7CA-01000000DE02}11428C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --noerrdialogs --mojo-platform-channel-handle=2940 --field-trial-handle=1660,i,11681132374035408386,13728371802711632663,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64B8-64FF-A9CA-01000000DE02}8664C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530933236Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:25.789{EF490992-64B9-64FF-B6CA-01000000DE02}11804C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --time-ticks-at-unix-epoch=-1693927024651745 --launch-time-ticks=532041135611 --mojo-platform-channel-handle=4412 --field-trial-handle=1660,i,11681132374035408386,13728371802711632663,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64B8-64FF-A9CA-01000000DE02}8664C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530933132Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:25.226{EF490992-64B9-64FF-B5CA-01000000DE02}6020C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4552 --field-trial-handle=1660,i,11681132374035408386,13728371802711632663,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64B8-64FF-A9CA-01000000DE02}8664C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530933044Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:25.096{EF490992-64B9-64FF-B4CA-01000000DE02}5436C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4532 --field-trial-handle=1660,i,11681132374035408386,13728371802711632663,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64B8-64FF-A9CA-01000000DE02}8664C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530933031Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:25.087{EF490992-64B9-64FF-B3CA-01000000DE02}10448C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --time-ticks-at-unix-epoch=-1693927024651745 --launch-time-ticks=532040393067 --mojo-platform-channel-handle=4392 --field-trial-handle=1660,i,11681132374035408386,13728371802711632663,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64B8-64FF-A9CA-01000000DE02}8664C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530932900Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:24.767{EF490992-64B8-64FF-B2CA-01000000DE02}11208C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4372 --field-trial-handle=1660,i,11681132374035408386,13728371802711632663,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64B8-64FF-A9CA-01000000DE02}8664C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530932796Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:24.673{EF490992-64B8-64FF-B1CA-01000000DE02}11856C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=3664 --field-trial-handle=1660,i,11681132374035408386,13728371802711632663,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64B8-64FF-A9CA-01000000DE02}8664C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530932715Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:24.602{EF490992-64B8-64FF-B0CA-01000000DE02}11728C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1693927024651745 --launch-time-ticks=532039949772 --mojo-platform-channel-handle=3084 --field-trial-handle=1660,i,11681132374035408386,13728371802711632663,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64B8-64FF-A9CA-01000000DE02}8664C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530932703Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:24.600{EF490992-64B8-64FF-AFCA-01000000DE02}3608C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --first-renderer-process --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1693927024651745 --launch-time-ticks=532039944530 --mojo-platform-channel-handle=2928 --field-trial-handle=1660,i,11681132374035408386,13728371802711632663,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64B8-64FF-A9CA-01000000DE02}8664C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530932525Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:24.474{EF490992-64B8-64FF-AECA-01000000DE02}9956C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=1904 --field-trial-handle=1660,i,11681132374035408386,13728371802711632663,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64B8-64FF-A9CA-01000000DE02}8664C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530932451Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:24.437{EF490992-64B8-64FF-ADCA-01000000DE02}7172C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --mojo-platform-channel-handle=1592 --field-trial-handle=1660,i,11681132374035408386,13728371802711632663,262144 --disable-features=PaintHolding /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64B8-64FF-A9CA-01000000DE02}8664C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530932440Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:24.435{EF490992-64B8-64FF-ACCA-01000000DE02}2352C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless=new --noerrdialogs --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1656 --field-trial-handle=1660,i,11681132374035408386,13728371802711632663,262144 --disable-features=PaintHolding /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64B8-64FF-A9CA-01000000DE02}8664C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530932276Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:24.247{EF490992-64B8-64FF-ABCA-01000000DE02}900C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=116.0.5845.180 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=116.0.1938.76 --initial-client-data=0xe4,0xe8,0xec,0xc0,0xf8,0x7ffb6a5072c0,0x7ffb6a5072d0,0x7ffb6a5072e0C:\Program Files (x86)\Microsoft\Edge\Application\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-64B8-64FF-A9CA-01000000DE02}8664C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530932207Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:04:24.195{EF490992-64B8-64FF-A9CA-01000000DE02}8664C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 C:\Users\Administrator\Desktop\11719307473\749533eef943e019e1f6ccf61f36cc0939f7aa0c730bac84467d83441a0584f0~\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-DCA0-64F9-E751-00000000DE02}6548C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\ProgramData\b207a288-3e1f-42cc-baed-709385117200.bat" "MSWIN-SERVER\Administrator 154100x8000000000000000530916984Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:59:05.411{EF490992-6379-64FF-77CA-01000000DE02}11476C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5504 --field-trial-handle=1636,i,14877262211561577286,3717298982584830276,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6375-64FF-62CA-01000000DE02}2008C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530916968Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:59:05.406{EF490992-6379-64FF-76CA-01000000DE02}6384C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5452 --field-trial-handle=1636,i,14877262211561577286,3717298982584830276,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6375-64FF-62CA-01000000DE02}2008C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530916952Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:59:05.402{EF490992-6379-64FF-75CA-01000000DE02}11728C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5248 --field-trial-handle=1636,i,14877262211561577286,3717298982584830276,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6375-64FF-62CA-01000000DE02}2008C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530916934Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:59:05.396{EF490992-6379-64FF-74CA-01000000DE02}8540C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4528 --field-trial-handle=1636,i,14877262211561577286,3717298982584830276,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6375-64FF-62CA-01000000DE02}2008C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530916927Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:59:05.393{EF490992-6379-64FF-73CA-01000000DE02}10312C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4544 --field-trial-handle=1636,i,14877262211561577286,3717298982584830276,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6375-64FF-62CA-01000000DE02}2008C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530916858Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:59:05.312{EF490992-6379-64FF-72CA-01000000DE02}12132C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4840 --field-trial-handle=1636,i,14877262211561577286,3717298982584830276,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6375-64FF-62CA-01000000DE02}2008C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530916810Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:59:05.279{EF490992-6379-64FF-71CA-01000000DE02}12128C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --noerrdialogs --mojo-platform-channel-handle=5080 --field-trial-handle=1636,i,14877262211561577286,3717298982584830276,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6375-64FF-62CA-01000000DE02}2008C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530916793Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:59:05.266{EF490992-6379-64FF-70CA-01000000DE02}6832C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --noerrdialogs --mojo-platform-channel-handle=3192 --field-trial-handle=1636,i,14877262211561577286,3717298982584830276,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6375-64FF-62CA-01000000DE02}2008C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530916584Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:59:02.742{EF490992-6376-64FF-6FCA-01000000DE02}2472C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --time-ticks-at-unix-epoch=-1693927024647040 --launch-time-ticks=531718092500 --mojo-platform-channel-handle=4948 --field-trial-handle=1636,i,14877262211561577286,3717298982584830276,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6375-64FF-62CA-01000000DE02}2008C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530916397Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:59:02.184{EF490992-6376-64FF-6ECA-01000000DE02}12216C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4704 --field-trial-handle=1636,i,14877262211561577286,3717298982584830276,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6375-64FF-62CA-01000000DE02}2008C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530916313Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:59:02.033{EF490992-6376-64FF-6DCA-01000000DE02}11872C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --time-ticks-at-unix-epoch=-1693927024647040 --launch-time-ticks=531717368359 --mojo-platform-channel-handle=4568 --field-trial-handle=1636,i,14877262211561577286,3717298982584830276,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6375-64FF-62CA-01000000DE02}2008C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530916280Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:59:02.011{EF490992-6376-64FF-6CCA-01000000DE02}9380C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4560 --field-trial-handle=1636,i,14877262211561577286,3717298982584830276,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6375-64FF-62CA-01000000DE02}2008C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530916219Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:59:01.816{EF490992-6375-64FF-6BCA-01000000DE02}3792C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4408 --field-trial-handle=1636,i,14877262211561577286,3717298982584830276,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6375-64FF-62CA-01000000DE02}2008C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530916095Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:59:01.665{EF490992-6375-64FF-6ACA-01000000DE02}2804C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=3460 --field-trial-handle=1636,i,14877262211561577286,3717298982584830276,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6375-64FF-62CA-01000000DE02}2008C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530916027Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:59:01.595{EF490992-6375-64FF-69CA-01000000DE02}8524C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1693927024647040 --launch-time-ticks=531716946840 --mojo-platform-channel-handle=3076 --field-trial-handle=1636,i,14877262211561577286,3717298982584830276,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6375-64FF-62CA-01000000DE02}2008C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530916018Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:59:01.589{EF490992-6375-64FF-68CA-01000000DE02}11576C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --first-renderer-process --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1693927024647040 --launch-time-ticks=531716937885 --mojo-platform-channel-handle=2928 --field-trial-handle=1636,i,14877262211561577286,3717298982584830276,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6375-64FF-62CA-01000000DE02}2008C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530915836Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:59:01.450{EF490992-6375-64FF-67CA-01000000DE02}364C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=1916 --field-trial-handle=1636,i,14877262211561577286,3717298982584830276,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6375-64FF-62CA-01000000DE02}2008C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530915754Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:59:01.412{EF490992-6375-64FF-66CA-01000000DE02}8316C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --mojo-platform-channel-handle=1656 --field-trial-handle=1636,i,14877262211561577286,3717298982584830276,262144 --disable-features=PaintHolding /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6375-64FF-62CA-01000000DE02}2008C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530915746Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:59:01.409{EF490992-6375-64FF-65CA-01000000DE02}11960C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless=new --noerrdialogs --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1632 --field-trial-handle=1636,i,14877262211561577286,3717298982584830276,262144 --disable-features=PaintHolding /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6375-64FF-62CA-01000000DE02}2008C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530915612Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:59:01.248{EF490992-6375-64FF-64CA-01000000DE02}7348C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=116.0.5845.180 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=116.0.1938.76 --initial-client-data=0xe4,0xe8,0xec,0xc0,0x120,0x7ffb6a5072c0,0x7ffb6a5072d0,0x7ffb6a5072e0C:\Program Files (x86)\Microsoft\Edge\Application\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6375-64FF-62CA-01000000DE02}2008C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530915512Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:59:01.143{EF490992-6375-64FF-62CA-01000000DE02}2008C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 C:\Users\Administrator\Desktop\11719307473\749533eef943e019e1f6ccf61f36cc0939f7aa0c730bac84467d83441a0584f0~\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-DCBF-64F9-0352-00000000DE02}6348C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\ProgramData\b207a288-3e1f-42cc-baed-709385117200.bat" "MSWIN-SERVER\Administrator 154100x8000000000000000530914759Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:58:53.449{EF490992-636D-64FF-5DCA-01000000DE02}7956C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5640 --field-trial-handle=1532,i,1229716075748777459,8410574636837107113,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6369-64FF-48CA-01000000DE02}11416C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530914740Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:58:53.439{EF490992-636D-64FF-5CCA-01000000DE02}11536C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5480 --field-trial-handle=1532,i,1229716075748777459,8410574636837107113,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6369-64FF-48CA-01000000DE02}11416C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530914718Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:58:53.433{EF490992-636D-64FF-5BCA-01000000DE02}3772C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5300 --field-trial-handle=1532,i,1229716075748777459,8410574636837107113,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6369-64FF-48CA-01000000DE02}11416C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530914703Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:58:53.429{EF490992-636D-64FF-5ACA-01000000DE02}12200C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5116 --field-trial-handle=1532,i,1229716075748777459,8410574636837107113,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6369-64FF-48CA-01000000DE02}11416C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530914679Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:58:53.418{EF490992-636D-64FF-59CA-01000000DE02}10176C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=3772 --field-trial-handle=1532,i,1229716075748777459,8410574636837107113,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6369-64FF-48CA-01000000DE02}11416C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530914658Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:58:53.407{EF490992-636D-64FF-58CA-01000000DE02}8772C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4760 --field-trial-handle=1532,i,1229716075748777459,8410574636837107113,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6369-64FF-48CA-01000000DE02}11416C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530914616Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:58:53.389{EF490992-636D-64FF-57CA-01000000DE02}10032C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --noerrdialogs --mojo-platform-channel-handle=3000 --field-trial-handle=1532,i,1229716075748777459,8410574636837107113,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6369-64FF-48CA-01000000DE02}11416C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530914600Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:58:53.380{EF490992-636D-64FF-56CA-01000000DE02}4244C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --noerrdialogs --mojo-platform-channel-handle=4600 --field-trial-handle=1532,i,1229716075748777459,8410574636837107113,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6369-64FF-48CA-01000000DE02}11416C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530914377Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:58:50.731{EF490992-636A-64FF-55CA-01000000DE02}11012C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --time-ticks-at-unix-epoch=-1693927024647107 --launch-time-ticks=531706081951 --mojo-platform-channel-handle=4596 --field-trial-handle=1532,i,1229716075748777459,8410574636837107113,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6369-64FF-48CA-01000000DE02}11416C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530914224Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:58:50.247{EF490992-636A-64FF-54CA-01000000DE02}11284C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4524 --field-trial-handle=1532,i,1229716075748777459,8410574636837107113,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6369-64FF-48CA-01000000DE02}11416C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530914109Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:58:50.010{EF490992-636A-64FF-53CA-01000000DE02}3488C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --time-ticks-at-unix-epoch=-1693927024647107 --launch-time-ticks=531705361267 --mojo-platform-channel-handle=4376 --field-trial-handle=1532,i,1229716075748777459,8410574636837107113,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6369-64FF-48CA-01000000DE02}11416C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530914098Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:58:50.001{EF490992-636A-64FF-52CA-01000000DE02}11884C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=3512 --field-trial-handle=1532,i,1229716075748777459,8410574636837107113,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6369-64FF-48CA-01000000DE02}11416C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530913997Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:58:49.769{EF490992-6369-64FF-51CA-01000000DE02}12216C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4304 --field-trial-handle=1532,i,1229716075748777459,8410574636837107113,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6369-64FF-48CA-01000000DE02}11416C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530913907Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:58:49.648{EF490992-6369-64FF-50CA-01000000DE02}4080C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=3768 --field-trial-handle=1532,i,1229716075748777459,8410574636837107113,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6369-64FF-48CA-01000000DE02}11416C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530913837Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:58:49.565{EF490992-6369-64FF-4FCA-01000000DE02}11740C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1693927024647107 --launch-time-ticks=531704917161 --mojo-platform-channel-handle=2992 --field-trial-handle=1532,i,1229716075748777459,8410574636837107113,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6369-64FF-48CA-01000000DE02}11416C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530913826Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:58:49.559{EF490992-6369-64FF-4ECA-01000000DE02}12128C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --first-renderer-process --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1693927024647107 --launch-time-ticks=531704907654 --mojo-platform-channel-handle=2940 --field-trial-handle=1532,i,1229716075748777459,8410574636837107113,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6369-64FF-48CA-01000000DE02}11416C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530913637Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:58:49.418{EF490992-6369-64FF-4DCA-01000000DE02}5208C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=1996 --field-trial-handle=1532,i,1229716075748777459,8410574636837107113,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6369-64FF-48CA-01000000DE02}11416C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530913572Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:58:49.377{EF490992-6369-64FF-4CCA-01000000DE02}5792C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --mojo-platform-channel-handle=1680 --field-trial-handle=1532,i,1229716075748777459,8410574636837107113,262144 --disable-features=PaintHolding /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6369-64FF-48CA-01000000DE02}11416C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530913560Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:58:49.367{EF490992-6369-64FF-4BCA-01000000DE02}9320C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless=new --noerrdialogs --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1528 --field-trial-handle=1532,i,1229716075748777459,8410574636837107113,262144 --disable-features=PaintHolding /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6369-64FF-48CA-01000000DE02}11416C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530913393Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:58:49.226{EF490992-6369-64FF-4ACA-01000000DE02}10460C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=116.0.5845.180 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=116.0.1938.76 --initial-client-data=0xe4,0xe8,0xec,0xc0,0xf8,0x7ffb6a5072c0,0x7ffb6a5072d0,0x7ffb6a5072e0C:\Program Files (x86)\Microsoft\Edge\Application\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6369-64FF-48CA-01000000DE02}11416C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000530913331Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 18:58:49.185{EF490992-6369-64FF-48CA-01000000DE02}11416C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 C:\Users\Administrator\Desktop\11719307473\749533eef943e019e1f6ccf61f36cc0939f7aa0c730bac84467d83441a0584f0~\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-DCA0-64F9-E751-00000000DE02}6548C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\ProgramData\b207a288-3e1f-42cc-baed-709385117200.bat" "MSWIN-SERVER\Administrator 154100x8000000000000000531052947Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:38:11.732{EF490992-6CA3-64FF-0ACD-01000000DE02}10208C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5384 --field-trial-handle=1628,i,2761767669195762630,15592494890907763817,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C9F-64FF-F5CC-01000000DE02}10960C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531052939Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:38:11.729{EF490992-6CA3-64FF-09CD-01000000DE02}9676C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5252 --field-trial-handle=1628,i,2761767669195762630,15592494890907763817,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C9F-64FF-F5CC-01000000DE02}10960C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531052930Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:38:11.724{EF490992-6CA3-64FF-08CD-01000000DE02}3228C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5128 --field-trial-handle=1628,i,2761767669195762630,15592494890907763817,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C9F-64FF-F5CC-01000000DE02}10960C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531052898Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:38:11.711{EF490992-6CA3-64FF-07CD-01000000DE02}12176C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4480 --field-trial-handle=1628,i,2761767669195762630,15592494890907763817,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C9F-64FF-F5CC-01000000DE02}10960C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531052853Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:38:11.678{EF490992-6CA3-64FF-06CD-01000000DE02}5088C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=3488 --field-trial-handle=1628,i,2761767669195762630,15592494890907763817,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C9F-64FF-F5CC-01000000DE02}10960C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531052807Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:38:11.660{EF490992-6CA3-64FF-05CD-01000000DE02}8316C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=3048 --field-trial-handle=1628,i,2761767669195762630,15592494890907763817,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C9F-64FF-F5CC-01000000DE02}10960C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531052781Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:38:11.651{EF490992-6CA3-64FF-04CD-01000000DE02}7164C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --noerrdialogs --mojo-platform-channel-handle=4740 --field-trial-handle=1628,i,2761767669195762630,15592494890907763817,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C9F-64FF-F5CC-01000000DE02}10960C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531052761Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:38:11.642{EF490992-6CA3-64FF-03CD-01000000DE02}5608C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --noerrdialogs --mojo-platform-channel-handle=4336 --field-trial-handle=1628,i,2761767669195762630,15592494890907763817,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C9F-64FF-F5CC-01000000DE02}10960C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531052517Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:38:08.762{EF490992-6CA0-64FF-02CD-01000000DE02}8140C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --time-ticks-at-unix-epoch=-1693927024691035 --launch-time-ticks=534064067704 --mojo-platform-channel-handle=4404 --field-trial-handle=1628,i,2761767669195762630,15592494890907763817,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C9F-64FF-F5CC-01000000DE02}10960C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531052434Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:38:08.357{EF490992-6CA0-64FF-01CD-01000000DE02}12068C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4604 --field-trial-handle=1628,i,2761767669195762630,15592494890907763817,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C9F-64FF-F5CC-01000000DE02}10960C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531052271Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:38:08.050{EF490992-6CA0-64FF-00CD-01000000DE02}6852C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --time-ticks-at-unix-epoch=-1693927024691035 --launch-time-ticks=534063356439 --mojo-platform-channel-handle=4456 --field-trial-handle=1628,i,2761767669195762630,15592494890907763817,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C9F-64FF-F5CC-01000000DE02}10960C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531052254Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:38:08.040{EF490992-6CA0-64FF-FFCC-01000000DE02}6832C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4452 --field-trial-handle=1628,i,2761767669195762630,15592494890907763817,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C9F-64FF-F5CC-01000000DE02}10960C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531052200Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:38:07.862{EF490992-6C9F-64FF-FECC-01000000DE02}10252C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4448 --field-trial-handle=1628,i,2761767669195762630,15592494890907763817,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C9F-64FF-F5CC-01000000DE02}10960C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531052086Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:38:07.697{EF490992-6C9F-64FF-FDCC-01000000DE02}2252C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=3548 --field-trial-handle=1628,i,2761767669195762630,15592494890907763817,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C9F-64FF-F5CC-01000000DE02}10960C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531051990Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:38:07.584{EF490992-6C9F-64FF-FCCC-01000000DE02}5504C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1693927024691035 --launch-time-ticks=534062889407 --mojo-platform-channel-handle=2972 --field-trial-handle=1628,i,2761767669195762630,15592494890907763817,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C9F-64FF-F5CC-01000000DE02}10960C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531051983Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:38:07.578{EF490992-6C9F-64FF-FBCC-01000000DE02}5208C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --first-renderer-process --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1693927024691035 --launch-time-ticks=534062882395 --mojo-platform-channel-handle=2932 --field-trial-handle=1628,i,2761767669195762630,15592494890907763817,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C9F-64FF-F5CC-01000000DE02}10960C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531051812Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:38:07.414{EF490992-6C9F-64FF-FACC-01000000DE02}8868C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=1544 --field-trial-handle=1628,i,2761767669195762630,15592494890907763817,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C9F-64FF-F5CC-01000000DE02}10960C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531051741Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:38:07.374{EF490992-6C9F-64FF-F9CC-01000000DE02}1340C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --mojo-platform-channel-handle=1516 --field-trial-handle=1628,i,2761767669195762630,15592494890907763817,262144 --disable-features=PaintHolding /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C9F-64FF-F5CC-01000000DE02}10960C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531051723Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:38:07.370{EF490992-6C9F-64FF-F8CC-01000000DE02}9752C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless=new --noerrdialogs --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1616 --field-trial-handle=1628,i,2761767669195762630,15592494890907763817,262144 --disable-features=PaintHolding /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C9F-64FF-F5CC-01000000DE02}10960C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531051569Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:38:07.227{EF490992-6C9F-64FF-F7CC-01000000DE02}7912C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=116.0.5845.180 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=116.0.1938.76 --initial-client-data=0xe8,0xec,0xf0,0xe4,0x12c,0x7ffb6a5072c0,0x7ffb6a5072d0,0x7ffb6a5072e0C:\Program Files (x86)\Microsoft\Edge\Application\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C9F-64FF-F5CC-01000000DE02}10960C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531051476Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:38:07.171{EF490992-6C9F-64FF-F5CC-01000000DE02}10960C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 C:\Users\Administrator\Desktop\11719307473\749533eef943e019e1f6ccf61f36cc0939f7aa0c730bac84467d83441a0584f0~\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-DCBF-64F9-0352-00000000DE02}6348C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\ProgramData\b207a288-3e1f-42cc-baed-709385117200.bat" "MSWIN-SERVER\Administrator 4688201331200x80200000000000001884785Securitymswin-server.attackrange.localMSWIN-SERVER\AdministratorAdministratorMSWIN-SERVER0x19a60c0x2618C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe%%19360x2ad0"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless=new --noerrdialogs --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1616 --field-trial-handle=1628,i,2761767669195762630,15592494890907763817,262144 --disable-features=PaintHolding /prefetch:2NULL SID--0x0C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeMandatory Label\Low Mandatory Level 4688201331200x80200000000000001884782Securitymswin-server.attackrange.localMSWIN-SERVER\AdministratorAdministratorMSWIN-SERVER0x19a60c0x2ad0C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe%%19360x18cc"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 NULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 154100x8000000000000000531050771Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:37:57.440{EF490992-6C95-64FF-F0CC-01000000DE02}3760C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5452 --field-trial-handle=1640,i,4995147221188142639,14057301620459435855,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C92-64FF-DBCC-01000000DE02}10448C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531050756Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:37:57.436{EF490992-6C95-64FF-EFCC-01000000DE02}8792C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5456 --field-trial-handle=1640,i,4995147221188142639,14057301620459435855,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C92-64FF-DBCC-01000000DE02}10448C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531050737Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:37:57.424{EF490992-6C95-64FF-EECC-01000000DE02}11928C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5156 --field-trial-handle=1640,i,4995147221188142639,14057301620459435855,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C92-64FF-DBCC-01000000DE02}10448C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531050722Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:37:57.419{EF490992-6C95-64FF-EDCC-01000000DE02}11300C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4936 --field-trial-handle=1640,i,4995147221188142639,14057301620459435855,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C92-64FF-DBCC-01000000DE02}10448C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531050710Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:37:57.412{EF490992-6C95-64FF-ECCC-01000000DE02}11336C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4932 --field-trial-handle=1640,i,4995147221188142639,14057301620459435855,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C92-64FF-DBCC-01000000DE02}10448C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531050607Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:37:57.356{EF490992-6C95-64FF-EBCC-01000000DE02}8380C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=3132 --field-trial-handle=1640,i,4995147221188142639,14057301620459435855,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C92-64FF-DBCC-01000000DE02}10448C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531050591Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:37:57.352{EF490992-6C95-64FF-EACC-01000000DE02}8096C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --noerrdialogs --mojo-platform-channel-handle=3156 --field-trial-handle=1640,i,4995147221188142639,14057301620459435855,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C92-64FF-DBCC-01000000DE02}10448C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531050569Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:37:57.340{EF490992-6C95-64FF-E9CC-01000000DE02}10792C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --noerrdialogs --mojo-platform-channel-handle=2932 --field-trial-handle=1640,i,4995147221188142639,14057301620459435855,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C92-64FF-DBCC-01000000DE02}10448C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531050405Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:37:55.668{EF490992-6C93-64FF-E8CC-01000000DE02}3792C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --time-ticks-at-unix-epoch=-1693927024691026 --launch-time-ticks=534050970623 --mojo-platform-channel-handle=4244 --field-trial-handle=1640,i,4995147221188142639,14057301620459435855,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C92-64FF-DBCC-01000000DE02}10448C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531050249Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:37:55.196{EF490992-6C93-64FF-E7CC-01000000DE02}3980C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=3524 --field-trial-handle=1640,i,4995147221188142639,14057301620459435855,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C92-64FF-DBCC-01000000DE02}10448C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531050092Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:37:54.944{EF490992-6C92-64FF-E6CC-01000000DE02}12164C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --time-ticks-at-unix-epoch=-1693927024691026 --launch-time-ticks=534050249406 --mojo-platform-channel-handle=4524 --field-trial-handle=1640,i,4995147221188142639,14057301620459435855,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C92-64FF-DBCC-01000000DE02}10448C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531050083Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:37:54.938{EF490992-6C92-64FF-E5CC-01000000DE02}10372C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4352 --field-trial-handle=1640,i,4995147221188142639,14057301620459435855,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C92-64FF-DBCC-01000000DE02}10448C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531050004Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:37:54.724{EF490992-6C92-64FF-E4CC-01000000DE02}9980C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4160 --field-trial-handle=1640,i,4995147221188142639,14057301620459435855,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C92-64FF-DBCC-01000000DE02}10448C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531049917Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:37:54.640{EF490992-6C92-64FF-E3CC-01000000DE02}6288C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=3524 --field-trial-handle=1640,i,4995147221188142639,14057301620459435855,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C92-64FF-DBCC-01000000DE02}10448C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531049819Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:37:54.546{EF490992-6C92-64FF-E2CC-01000000DE02}10888C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1693927024691026 --launch-time-ticks=534049853838 --mojo-platform-channel-handle=3060 --field-trial-handle=1640,i,4995147221188142639,14057301620459435855,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C92-64FF-DBCC-01000000DE02}10448C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531049809Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:37:54.540{EF490992-6C92-64FF-E1CC-01000000DE02}7292C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --first-renderer-process --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1693927024691026 --launch-time-ticks=534049844194 --mojo-platform-channel-handle=2656 --field-trial-handle=1640,i,4995147221188142639,14057301620459435855,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C92-64FF-DBCC-01000000DE02}10448C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531049633Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:37:54.405{EF490992-6C92-64FF-E0CC-01000000DE02}11860C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=1920 --field-trial-handle=1640,i,4995147221188142639,14057301620459435855,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C92-64FF-DBCC-01000000DE02}10448C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531049568Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:37:54.372{EF490992-6C92-64FF-DFCC-01000000DE02}4232C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --mojo-platform-channel-handle=1680 --field-trial-handle=1640,i,4995147221188142639,14057301620459435855,262144 --disable-features=PaintHolding /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C92-64FF-DBCC-01000000DE02}10448C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531049547Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:37:54.365{EF490992-6C92-64FF-DECC-01000000DE02}5824C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless=new --noerrdialogs --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1632 --field-trial-handle=1640,i,4995147221188142639,14057301620459435855,262144 --disable-features=PaintHolding /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C92-64FF-DBCC-01000000DE02}10448C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531049388Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:37:54.218{EF490992-6C92-64FF-DDCC-01000000DE02}11856C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=116.0.5845.180 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=116.0.1938.76 --initial-client-data=0xe4,0xe8,0xec,0xc0,0xf8,0x7ffb6a5072c0,0x7ffb6a5072d0,0x7ffb6a5072e0C:\Program Files (x86)\Microsoft\Edge\Application\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6C92-64FF-DBCC-01000000DE02}10448C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531049319Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:37:54.169{EF490992-6C92-64FF-DBCC-01000000DE02}10448C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 C:\Users\Administrator\Desktop\11719307473\749533eef943e019e1f6ccf61f36cc0939f7aa0c730bac84467d83441a0584f0~\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-DCA0-64F9-E751-00000000DE02}6548C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\ProgramData\b207a288-3e1f-42cc-baed-709385117200.bat" "MSWIN-SERVER\Administrator 4688201331200x80200000000000001884759Securitymswin-server.attackrange.localMSWIN-SERVER\AdministratorAdministratorMSWIN-SERVER0x19a60c0x16c0C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe%%19360x28d0"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless=new --noerrdialogs --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1632 --field-trial-handle=1640,i,4995147221188142639,14057301620459435855,262144 --disable-features=PaintHolding /prefetch:2NULL SID--0x0C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeMandatory Label\Low Mandatory Level 4688201331200x80200000000000001884756Securitymswin-server.attackrange.localMSWIN-SERVER\AdministratorAdministratorMSWIN-SERVER0x19a60c0x28d0C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe%%19360x1994"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 NULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 154100x8000000000000000531034728Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:36.376{EF490992-6B54-64FF-AECC-01000000DE02}12216C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5492 --field-trial-handle=1572,i,8029175109903176077,6821037607469406147,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B50-64FF-99CC-01000000DE02}11736C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531034658Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:36.369{EF490992-6B54-64FF-ADCC-01000000DE02}10776C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5348 --field-trial-handle=1572,i,8029175109903176077,6821037607469406147,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B50-64FF-99CC-01000000DE02}11736C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531034626Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:36.350{EF490992-6B54-64FF-ACCC-01000000DE02}11608C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5180 --field-trial-handle=1572,i,8029175109903176077,6821037607469406147,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B50-64FF-99CC-01000000DE02}11736C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531034600Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:36.340{EF490992-6B54-64FF-ABCC-01000000DE02}11804C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=3096 --field-trial-handle=1572,i,8029175109903176077,6821037607469406147,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B50-64FF-99CC-01000000DE02}11736C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531034589Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:36.336{EF490992-6B54-64FF-AACC-01000000DE02}11856C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4088 --field-trial-handle=1572,i,8029175109903176077,6821037607469406147,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B50-64FF-99CC-01000000DE02}11736C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531034540Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:36.304{EF490992-6B54-64FF-A9CC-01000000DE02}10348C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=3876 --field-trial-handle=1572,i,8029175109903176077,6821037607469406147,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B50-64FF-99CC-01000000DE02}11736C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531034514Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:36.293{EF490992-6B54-64FF-A8CC-01000000DE02}11408C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --noerrdialogs --mojo-platform-channel-handle=4892 --field-trial-handle=1572,i,8029175109903176077,6821037607469406147,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B50-64FF-99CC-01000000DE02}11736C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531034494Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:36.276{EF490992-6B54-64FF-A7CC-01000000DE02}10000C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --noerrdialogs --mojo-platform-channel-handle=4644 --field-trial-handle=1572,i,8029175109903176077,6821037607469406147,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B50-64FF-99CC-01000000DE02}11736C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531034258Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:33.727{EF490992-6B51-64FF-A6CC-01000000DE02}10792C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --time-ticks-at-unix-epoch=-1693927024686356 --launch-time-ticks=533729037822 --mojo-platform-channel-handle=4852 --field-trial-handle=1572,i,8029175109903176077,6821037607469406147,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B50-64FF-99CC-01000000DE02}11736C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531034134Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:33.212{EF490992-6B51-64FF-A5CC-01000000DE02}9808C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4848 --field-trial-handle=1572,i,8029175109903176077,6821037607469406147,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B50-64FF-99CC-01000000DE02}11736C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531033996Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:32.995{EF490992-6B50-64FF-A4CC-01000000DE02}12208C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --time-ticks-at-unix-epoch=-1693927024686356 --launch-time-ticks=533728306524 --mojo-platform-channel-handle=4720 --field-trial-handle=1572,i,8029175109903176077,6821037607469406147,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B50-64FF-99CC-01000000DE02}11736C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531033988Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:32.986{EF490992-6B50-64FF-A3CC-01000000DE02}7748C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4596 --field-trial-handle=1572,i,8029175109903176077,6821037607469406147,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B50-64FF-99CC-01000000DE02}11736C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531033879Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:32.769{EF490992-6B50-64FF-A2CC-01000000DE02}8168C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4340 --field-trial-handle=1572,i,8029175109903176077,6821037607469406147,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B50-64FF-99CC-01000000DE02}11736C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531033814Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:32.715{EF490992-6B50-64FF-A1CC-01000000DE02}11700C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=3724 --field-trial-handle=1572,i,8029175109903176077,6821037607469406147,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B50-64FF-99CC-01000000DE02}11736C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531033729Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:32.635{EF490992-6B50-64FF-A0CC-01000000DE02}7332C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1693927024686356 --launch-time-ticks=533727947695 --mojo-platform-channel-handle=2948 --field-trial-handle=1572,i,8029175109903176077,6821037607469406147,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B50-64FF-99CC-01000000DE02}11736C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531033718Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:32.625{EF490992-6B50-64FF-9FCC-01000000DE02}10676C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --first-renderer-process --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1693927024686356 --launch-time-ticks=533727934451 --mojo-platform-channel-handle=2920 --field-trial-handle=1572,i,8029175109903176077,6821037607469406147,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B50-64FF-99CC-01000000DE02}11736C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531033540Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:32.483{EF490992-6B50-64FF-9ECC-01000000DE02}11920C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=1884 --field-trial-handle=1572,i,8029175109903176077,6821037607469406147,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B50-64FF-99CC-01000000DE02}11736C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531033484Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:32.452{EF490992-6B50-64FF-9DCC-01000000DE02}11032C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --mojo-platform-channel-handle=1652 --field-trial-handle=1572,i,8029175109903176077,6821037607469406147,262144 --disable-features=PaintHolding /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B50-64FF-99CC-01000000DE02}11736C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531033459Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:32.440{EF490992-6B50-64FF-9CCC-01000000DE02}10432C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless=new --noerrdialogs --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1544 --field-trial-handle=1572,i,8029175109903176077,6821037607469406147,262144 --disable-features=PaintHolding /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B50-64FF-99CC-01000000DE02}11736C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531033281Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:32.289{EF490992-6B50-64FF-9BCC-01000000DE02}7980C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=116.0.5845.180 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=116.0.1938.76 --initial-client-data=0xe4,0xe8,0xec,0xc0,0xf8,0x7ffb6a5072c0,0x7ffb6a5072d0,0x7ffb6a5072e0C:\Program Files (x86)\Microsoft\Edge\Application\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B50-64FF-99CC-01000000DE02}11736C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531033226Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:32.242{EF490992-6B50-64FF-99CC-01000000DE02}11736C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 C:\Users\Administrator\Desktop\11719307473\749533eef943e019e1f6ccf61f36cc0939f7aa0c730bac84467d83441a0584f0~\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-DCBF-64F9-0352-00000000DE02}6348C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\ProgramData\b207a288-3e1f-42cc-baed-709385117200.bat" "MSWIN-SERVER\Administrator 4688201331200x80200000000000001884693Securitymswin-server.attackrange.localMSWIN-SERVER\AdministratorAdministratorMSWIN-SERVER0x19a60c0x28c0C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe%%19360x2dd8"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless=new --noerrdialogs --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1544 --field-trial-handle=1572,i,8029175109903176077,6821037607469406147,262144 --disable-features=PaintHolding /prefetch:2NULL SID--0x0C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeMandatory Label\Low Mandatory Level 4688201331200x80200000000000001884690Securitymswin-server.attackrange.localMSWIN-SERVER\AdministratorAdministratorMSWIN-SERVER0x19a60c0x2dd8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe%%19360x18cc"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 NULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 154100x8000000000000000531032340Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:23.425{EF490992-6B47-64FF-92CC-01000000DE02}3164C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5480 --field-trial-handle=1540,i,8368684117798087886,14716550705284092220,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B43-64FF-7DCC-01000000DE02}10460C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531032316Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:23.421{EF490992-6B47-64FF-91CC-01000000DE02}1340C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5316 --field-trial-handle=1540,i,8368684117798087886,14716550705284092220,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B43-64FF-7DCC-01000000DE02}10460C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531032299Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:23.417{EF490992-6B47-64FF-90CC-01000000DE02}11860C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5220 --field-trial-handle=1540,i,8368684117798087886,14716550705284092220,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B43-64FF-7DCC-01000000DE02}10460C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531032259Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:23.399{EF490992-6B47-64FF-8FCC-01000000DE02}11612C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5172 --field-trial-handle=1540,i,8368684117798087886,14716550705284092220,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B43-64FF-7DCC-01000000DE02}10460C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531032210Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:23.367{EF490992-6B47-64FF-8ECC-01000000DE02}10884C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=3000 --field-trial-handle=1540,i,8368684117798087886,14716550705284092220,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B43-64FF-7DCC-01000000DE02}10460C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531032178Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:23.353{EF490992-6B47-64FF-8DCC-01000000DE02}10792C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5040 --field-trial-handle=1540,i,8368684117798087886,14716550705284092220,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B43-64FF-7DCC-01000000DE02}10460C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531032145Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:23.327{EF490992-6B47-64FF-8CCC-01000000DE02}9336C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --noerrdialogs --mojo-platform-channel-handle=3112 --field-trial-handle=1540,i,8368684117798087886,14716550705284092220,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B43-64FF-7DCC-01000000DE02}10460C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531032125Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:23.320{EF490992-6B47-64FF-8BCC-01000000DE02}10672C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --noerrdialogs --mojo-platform-channel-handle=3228 --field-trial-handle=1540,i,8368684117798087886,14716550705284092220,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B43-64FF-7DCC-01000000DE02}10460C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531031819Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:20.707{EF490992-6B44-64FF-8ACC-01000000DE02}11132C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --time-ticks-at-unix-epoch=-1693927024685783 --launch-time-ticks=533716019020 --mojo-platform-channel-handle=4592 --field-trial-handle=1540,i,8368684117798087886,14716550705284092220,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B43-64FF-7DCC-01000000DE02}10460C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531031763Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:20.276{EF490992-6B44-64FF-89CC-01000000DE02}4796C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4656 --field-trial-handle=1540,i,8368684117798087886,14716550705284092220,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B43-64FF-7DCC-01000000DE02}10460C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531031599Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:19.943{EF490992-6B43-64FF-88CC-01000000DE02}10272C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --time-ticks-at-unix-epoch=-1693927024685783 --launch-time-ticks=533715255473 --mojo-platform-channel-handle=4396 --field-trial-handle=1540,i,8368684117798087886,14716550705284092220,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B43-64FF-7DCC-01000000DE02}10460C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531031590Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:19.939{EF490992-6B43-64FF-87CC-01000000DE02}12156C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4316 --field-trial-handle=1540,i,8368684117798087886,14716550705284092220,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B43-64FF-7DCC-01000000DE02}10460C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531031520Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:19.744{EF490992-6B43-64FF-86CC-01000000DE02}9968C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4392 --field-trial-handle=1540,i,8368684117798087886,14716550705284092220,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B43-64FF-7DCC-01000000DE02}10460C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531031419Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:19.635{EF490992-6B43-64FF-85CC-01000000DE02}11700C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=3744 --field-trial-handle=1540,i,8368684117798087886,14716550705284092220,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B43-64FF-7DCC-01000000DE02}10460C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531031328Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:19.539{EF490992-6B43-64FF-84CC-01000000DE02}3252C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1693927024685783 --launch-time-ticks=533714851961 --mojo-platform-channel-handle=3088 --field-trial-handle=1540,i,8368684117798087886,14716550705284092220,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B43-64FF-7DCC-01000000DE02}10460C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531031316Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:19.532{EF490992-6B43-64FF-83CC-01000000DE02}11212C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --first-renderer-process --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1693927024685783 --launch-time-ticks=533714841787 --mojo-platform-channel-handle=2944 --field-trial-handle=1540,i,8368684117798087886,14716550705284092220,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B43-64FF-7DCC-01000000DE02}10460C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531031183Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:19.419{EF490992-6B43-64FF-82CC-01000000DE02}4276C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=1924 --field-trial-handle=1540,i,8368684117798087886,14716550705284092220,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B43-64FF-7DCC-01000000DE02}10460C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531031070Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:19.358{EF490992-6B43-64FF-81CC-01000000DE02}8524C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --mojo-platform-channel-handle=1536 --field-trial-handle=1540,i,8368684117798087886,14716550705284092220,262144 --disable-features=PaintHolding /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B43-64FF-7DCC-01000000DE02}10460C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531031056Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:19.352{EF490992-6B43-64FF-80CC-01000000DE02}8648C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless=new --noerrdialogs --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1492 --field-trial-handle=1540,i,8368684117798087886,14716550705284092220,262144 --disable-features=PaintHolding /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B43-64FF-7DCC-01000000DE02}10460C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531030858Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:19.184{EF490992-6B43-64FF-7FCC-01000000DE02}8216C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=116.0.5845.180 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=116.0.1938.76 --initial-client-data=0xec,0xf0,0xf4,0xc8,0x100,0x7ffb6a5072c0,0x7ffb6a5072d0,0x7ffb6a5072e0C:\Program Files (x86)\Microsoft\Edge\Application\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6B43-64FF-7DCC-01000000DE02}10460C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531030805Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:32:19.123{EF490992-6B43-64FF-7DCC-01000000DE02}10460C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 C:\Users\Administrator\Desktop\11719307473\749533eef943e019e1f6ccf61f36cc0939f7aa0c730bac84467d83441a0584f0~\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-DCA0-64F9-E751-00000000DE02}6548C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\ProgramData\b207a288-3e1f-42cc-baed-709385117200.bat" "MSWIN-SERVER\Administrator 4688201331200x80200000000000001884665Securitymswin-server.attackrange.localMSWIN-SERVER\AdministratorAdministratorMSWIN-SERVER0x19a60c0x21c8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe%%19360x28dc"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless=new --noerrdialogs --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1492 --field-trial-handle=1540,i,8368684117798087886,14716550705284092220,262144 --disable-features=PaintHolding /prefetch:2NULL SID--0x0C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeMandatory Label\Low Mandatory Level 4688201331200x80200000000000001884662Securitymswin-server.attackrange.localMSWIN-SERVER\AdministratorAdministratorMSWIN-SERVER0x19a60c0x28dcC:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe%%19360x1994"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 NULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 154100x8000000000000000531015505Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:27:01.403{EF490992-6A05-64FF-50CC-01000000DE02}9980C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5480 --field-trial-handle=1628,i,7216138694234641385,685760360072698947,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6A01-64FF-39CC-01000000DE02}11420C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531015494Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:27:01.399{EF490992-6A05-64FF-4FCC-01000000DE02}11380C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=3968 --field-trial-handle=1628,i,7216138694234641385,685760360072698947,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6A01-64FF-39CC-01000000DE02}11420C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531015485Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:27:01.394{EF490992-6A05-64FF-4ECC-01000000DE02}2008C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5160 --field-trial-handle=1628,i,7216138694234641385,685760360072698947,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6A01-64FF-39CC-01000000DE02}11420C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531015470Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:27:01.385{EF490992-6A05-64FF-4DCC-01000000DE02}3824C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5152 --field-trial-handle=1628,i,7216138694234641385,685760360072698947,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6A01-64FF-39CC-01000000DE02}11420C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531015460Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:27:01.380{EF490992-6A05-64FF-4CCC-01000000DE02}11884C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=3016 --field-trial-handle=1628,i,7216138694234641385,685760360072698947,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6A01-64FF-39CC-01000000DE02}11420C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531015359Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:27:01.301{EF490992-6A05-64FF-4BCC-01000000DE02}10488C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4600 --field-trial-handle=1628,i,7216138694234641385,685760360072698947,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6A01-64FF-39CC-01000000DE02}11420C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531015343Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:27:01.291{EF490992-6A05-64FF-4ACC-01000000DE02}8868C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --noerrdialogs --mojo-platform-channel-handle=2944 --field-trial-handle=1628,i,7216138694234641385,685760360072698947,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6A01-64FF-39CC-01000000DE02}11420C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531015328Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:27:01.286{EF490992-6A05-64FF-49CC-01000000DE02}10960C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --noerrdialogs --mojo-platform-channel-handle=2972 --field-trial-handle=1628,i,7216138694234641385,685760360072698947,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6A01-64FF-39CC-01000000DE02}11420C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531015017Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:58.788{EF490992-6A02-64FF-46CC-01000000DE02}6228C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --time-ticks-at-unix-epoch=-1693927024681153 --launch-time-ticks=533394104297 --mojo-platform-channel-handle=4732 --field-trial-handle=1628,i,7216138694234641385,685760360072698947,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6A01-64FF-39CC-01000000DE02}11420C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531014794Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:58.114{EF490992-6A02-64FF-45CC-01000000DE02}8292C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4580 --field-trial-handle=1628,i,7216138694234641385,685760360072698947,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6A01-64FF-39CC-01000000DE02}11420C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531014724Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:58.055{EF490992-6A02-64FF-44CC-01000000DE02}11448C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --time-ticks-at-unix-epoch=-1693927024681153 --launch-time-ticks=533393371388 --mojo-platform-channel-handle=3404 --field-trial-handle=1628,i,7216138694234641385,685760360072698947,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6A01-64FF-39CC-01000000DE02}11420C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531014712Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:58.038{EF490992-6A02-64FF-43CC-01000000DE02}10576C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4488 --field-trial-handle=1628,i,7216138694234641385,685760360072698947,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6A01-64FF-39CC-01000000DE02}11420C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531014555Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:57.791{EF490992-6A01-64FF-42CC-01000000DE02}5200C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4304 --field-trial-handle=1628,i,7216138694234641385,685760360072698947,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6A01-64FF-39CC-01000000DE02}11420C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531014503Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:57.747{EF490992-6A01-64FF-41CC-01000000DE02}9404C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=3936 --field-trial-handle=1628,i,7216138694234641385,685760360072698947,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6A01-64FF-39CC-01000000DE02}11420C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531014483Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:57.739{EF490992-6A01-64FF-40CC-01000000DE02}7820C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1693927024681153 --launch-time-ticks=533392954794 --mojo-platform-channel-handle=2960 --field-trial-handle=1628,i,7216138694234641385,685760360072698947,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6A01-64FF-39CC-01000000DE02}11420C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531014413Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:57.633{EF490992-6A01-64FF-3FCC-01000000DE02}11576C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --first-renderer-process --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1693927024681153 --launch-time-ticks=533392945697 --mojo-platform-channel-handle=2912 --field-trial-handle=1628,i,7216138694234641385,685760360072698947,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6A01-64FF-39CC-01000000DE02}11420C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531014239Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:57.503{EF490992-6A01-64FF-3ECC-01000000DE02}10980C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=1828 --field-trial-handle=1628,i,7216138694234641385,685760360072698947,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6A01-64FF-39CC-01000000DE02}11420C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531014166Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:57.463{EF490992-6A01-64FF-3DCC-01000000DE02}8940C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --mojo-platform-channel-handle=1668 --field-trial-handle=1628,i,7216138694234641385,685760360072698947,262144 --disable-features=PaintHolding /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6A01-64FF-39CC-01000000DE02}11420C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531014151Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:57.458{EF490992-6A01-64FF-3CCC-01000000DE02}4796C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless=new --noerrdialogs --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1624 --field-trial-handle=1628,i,7216138694234641385,685760360072698947,262144 --disable-features=PaintHolding /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6A01-64FF-39CC-01000000DE02}11420C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531013991Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:57.270{EF490992-6A01-64FF-3BCC-01000000DE02}3560C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=116.0.5845.180 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=116.0.1938.76 --initial-client-data=0xe4,0xe8,0xec,0xc0,0xf4,0x7ffb6a5072c0,0x7ffb6a5072d0,0x7ffb6a5072e0C:\Program Files (x86)\Microsoft\Edge\Application\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-6A01-64FF-39CC-01000000DE02}11420C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531013923Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:57.220{EF490992-6A01-64FF-39CC-01000000DE02}11420C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 C:\Users\Administrator\Desktop\11719307473\749533eef943e019e1f6ccf61f36cc0939f7aa0c730bac84467d83441a0584f0~\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-DCBF-64F9-0352-00000000DE02}6348C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\ProgramData\b207a288-3e1f-42cc-baed-709385117200.bat" "MSWIN-SERVER\Administrator 4688201331200x80200000000000001884597Securitymswin-server.attackrange.localMSWIN-SERVER\AdministratorAdministratorMSWIN-SERVER0x19a60c0x12bcC:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe%%19360x2c9c"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless=new --noerrdialogs --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1624 --field-trial-handle=1628,i,7216138694234641385,685760360072698947,262144 --disable-features=PaintHolding /prefetch:2NULL SID--0x0C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeMandatory Label\Low Mandatory Level 4688201331200x80200000000000001884594Securitymswin-server.attackrange.localMSWIN-SERVER\AdministratorAdministratorMSWIN-SERVER0x19a60c0x2c9cC:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe%%19360x18cc"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 NULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 154100x8000000000000000531013358Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:48.407{EF490992-69F8-64FF-36CC-01000000DE02}11460C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5640 --field-trial-handle=1616,i,17099944717906458965,4173364033446446444,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-69F4-64FF-21CC-01000000DE02}8012C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531013327Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:48.397{EF490992-69F8-64FF-35CC-01000000DE02}5504C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5292 --field-trial-handle=1616,i,17099944717906458965,4173364033446446444,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-69F4-64FF-21CC-01000000DE02}8012C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531013265Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:48.369{EF490992-69F8-64FF-34CC-01000000DE02}7424C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5152 --field-trial-handle=1616,i,17099944717906458965,4173364033446446444,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-69F4-64FF-21CC-01000000DE02}8012C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531013256Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:48.366{EF490992-69F8-64FF-33CC-01000000DE02}10784C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=5140 --field-trial-handle=1616,i,17099944717906458965,4173364033446446444,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-69F4-64FF-21CC-01000000DE02}8012C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531013247Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:48.361{EF490992-69F8-64FF-32CC-01000000DE02}11380C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4760 --field-trial-handle=1616,i,17099944717906458965,4173364033446446444,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-69F4-64FF-21CC-01000000DE02}8012C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531013162Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:48.314{EF490992-69F8-64FF-31CC-01000000DE02}11784C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=3800 --field-trial-handle=1616,i,17099944717906458965,4173364033446446444,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-69F4-64FF-21CC-01000000DE02}8012C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531013148Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:48.310{EF490992-69F8-64FF-30CC-01000000DE02}3980C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --noerrdialogs --mojo-platform-channel-handle=3680 --field-trial-handle=1616,i,17099944717906458965,4173364033446446444,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-69F4-64FF-21CC-01000000DE02}8012C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531013129Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:48.297{EF490992-69F8-64FF-2FCC-01000000DE02}10176C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --noerrdialogs --mojo-platform-channel-handle=5004 --field-trial-handle=1616,i,17099944717906458965,4173364033446446444,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-69F4-64FF-21CC-01000000DE02}8012C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531012941Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:45.760{EF490992-69F5-64FF-2ECC-01000000DE02}12240C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --time-ticks-at-unix-epoch=-1693927024680835 --launch-time-ticks=533381078172 --mojo-platform-channel-handle=4560 --field-trial-handle=1616,i,17099944717906458965,4173364033446446444,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-69F4-64FF-21CC-01000000DE02}8012C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531012757Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:45.200{EF490992-69F5-64FF-2DCC-01000000DE02}10024C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4760 --field-trial-handle=1616,i,17099944717906458965,4173364033446446444,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-69F4-64FF-21CC-01000000DE02}8012C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531012645Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:45.022{EF490992-69F5-64FF-2CCC-01000000DE02}7228C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --time-ticks-at-unix-epoch=-1693927024680835 --launch-time-ticks=533380339508 --mojo-platform-channel-handle=4456 --field-trial-handle=1616,i,17099944717906458965,4173364033446446444,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-69F4-64FF-21CC-01000000DE02}8012C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531012637Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:45.018{EF490992-69F5-64FF-2BCC-01000000DE02}5788C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4476 --field-trial-handle=1616,i,17099944717906458965,4173364033446446444,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-69F4-64FF-21CC-01000000DE02}8012C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531012558Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:44.835{EF490992-69F4-64FF-2ACC-01000000DE02}9296C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=4452 --field-trial-handle=1616,i,17099944717906458965,4173364033446446444,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-69F4-64FF-21CC-01000000DE02}8012C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531012461Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:44.703{EF490992-69F4-64FF-29CC-01000000DE02}3776C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=3588 --field-trial-handle=1616,i,17099944717906458965,4173364033446446444,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-69F4-64FF-21CC-01000000DE02}8012C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531012380Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:44.596{EF490992-69F4-64FF-28CC-01000000DE02}11984C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1693927024680835 --launch-time-ticks=533379914162 --mojo-platform-channel-handle=3092 --field-trial-handle=1616,i,17099944717906458965,4173364033446446444,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-69F4-64FF-21CC-01000000DE02}8012C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531012369Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:44.587{EF490992-69F4-64FF-27CC-01000000DE02}6308C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --noerrdialogs --first-renderer-process --disable-databases --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1693927024680835 --launch-time-ticks=533379901073 --mojo-platform-channel-handle=2664 --field-trial-handle=1616,i,17099944717906458965,4173364033446446444,262144 --disable-features=PaintHolding /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-69F4-64FF-21CC-01000000DE02}8012C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531012195Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:44.435{EF490992-69F4-64FF-26CC-01000000DE02}10224C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --mojo-platform-channel-handle=1980 --field-trial-handle=1616,i,17099944717906458965,4173364033446446444,262144 --disable-features=PaintHolding /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-69F4-64FF-21CC-01000000DE02}8012C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531012116Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:44.396{EF490992-69F4-64FF-25CC-01000000DE02}9892C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --mojo-platform-channel-handle=1676 --field-trial-handle=1616,i,17099944717906458965,4173364033446446444,262144 --disable-features=PaintHolding /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-69F4-64FF-21CC-01000000DE02}8012C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531012104Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:44.389{EF490992-69F4-64FF-24CC-01000000DE02}948C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless=new --noerrdialogs --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1612 --field-trial-handle=1616,i,17099944717906458965,4173364033446446444,262144 --disable-features=PaintHolding /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\116.0.1938.76\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2LowMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-69F4-64FF-21CC-01000000DE02}8012C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 4688201331200x80200000000000001884573Securitymswin-server.attackrange.localMSWIN-SERVER\AdministratorAdministratorMSWIN-SERVER0x19a60c0x3b4C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe%%19360x1f4c"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless=new --noerrdialogs --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1612 --field-trial-handle=1616,i,17099944717906458965,4173364033446446444,262144 --disable-features=PaintHolding /prefetch:2NULL SID--0x0C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeMandatory Label\Low Mandatory Level 4688201331200x80200000000000001884570Securitymswin-server.attackrange.localMSWIN-SERVER\AdministratorAdministratorMSWIN-SERVER0x19a60c0x1f4cC:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe%%19360x1994"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 NULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 154100x8000000000000000531011936Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:44.232{EF490992-69F4-64FF-23CC-01000000DE02}8512C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=116.0.5845.180 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=116.0.1938.76 --initial-client-data=0xe4,0xe8,0xec,0xa0,0xf4,0x7ffb6a5072c0,0x7ffb6a5072d0,0x7ffb6a5072e0C:\Program Files (x86)\Microsoft\Edge\Application\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-69F4-64FF-21CC-01000000DE02}8012C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 MSWIN-SERVER\Administrator 154100x8000000000000000531011873Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-09-11 19:26:44.192{EF490992-69F4-64FF-21CC-01000000DE02}8012C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe116.0.1938.76Microsoft EdgeMicrosoft EdgeMicrosoft Corporationmsedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --disable-gpu https://mockbin.org/bin/31b1332f-8f5c-490e-8ec0-78e77b4e5709 C:\Users\Administrator\Desktop\11719307473\749533eef943e019e1f6ccf61f36cc0939f7aa0c730bac84467d83441a0584f0~\MSWIN-SERVER\Administrator{EF490992-4815-64F7-0CA6-190000000000}0x19a60c2HighMD5=86E2284C8AB340D17BECC6BDFC889198,SHA256=DC4E8127DC7801D5D92C9446E852F0262E4B63CE2B1AE459573BEED0E85A3A14{EF490992-DCA0-64F9-E751-00000000DE02}6548C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\ProgramData\b207a288-3e1f-42cc-baed-709385117200.bat" "MSWIN-SERVER\Administrator