154100x80000000000000001757727Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-139.attackrange.local-2022-01-19 21:47:59.652{834264DD-870F-61E8-5635-000000002402}6736C:\ProgramData\nothinhere.exe4.8.3761.0 built by: NET48REL1.NET Framework installation utilityMicrosoft® .NET FrameworkMicrosoft CorporationInstallUtil.exe"C:\ProgramData\nothinhere.exe"C:\Users\Administrator\Desktop\ATTACKRANGE\Administrator{834264DD-0DBE-61E7-0375-0C0000000000}0xc75032HighMD5=AF862061889F5B9B956E9469DCDAE773,SHA256=AF5CBD35C7D8DEA7D879113FDA61B0F64AC6618BCDAE15C0C732A018BABF68EE{834264DD-19DC-61E7-B505-000000002402}7112C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe"C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe" ATTACKRANGE\Administrator 154100x80000000000000001724813Microsoft-Windows-Sysmon/Operationalwin-dc-mhaag-attack-range-139.attackrange.local-2022-01-19 21:12:13.953{834264DD-7EAD-61E8-4B34-000000002402}6912C:\Temp\installut.exe4.8.3761.0 built by: NET48REL1.NET Framework installation utilityMicrosoft® .NET FrameworkMicrosoft CorporationInstallUtil.exe"C:\temp\installut.exe"C:\Users\Administrator\Desktop\ATTACKRANGE\Administrator{834264DD-0DBE-61E7-0375-0C0000000000}0xc75032HighMD5=AF862061889F5B9B956E9469DCDAE773,SHA256=AF5CBD35C7D8DEA7D879113FDA61B0F64AC6618BCDAE15C0C732A018BABF68EE{834264DD-19DC-61E7-B505-000000002402}7112C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe"C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe" ATTACKRANGE\Administrator 154100x8000000000000000363780Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-563-2022-01-19 21:03:12.029{290656A6-7C90-61E8-8C34-000000002202}5664C:\Temp\installutil.exe4.8.3761.0 built by: NET48REL1.NET Framework installation utilityMicrosoft® .NET FrameworkMicrosoft CorporationInstallUtil.exe"C:\Temp\installutil.exe"C:\Users\Administrator\WIN-HOST-MHAAG-\Administrator{290656A6-71DB-61E8-5FF9-9E0100000000}0x19ef95f2HighMD5=AF862061889F5B9B956E9469DCDAE773,SHA256=AF5CBD35C7D8DEA7D879113FDA61B0F64AC6618BCDAE15C0C732A018BABF68EE,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{290656A6-7224-61E8-4433-000000002202}4168C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"