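EventID=1 | Version=5 | Level=4 | Task=1 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=206803 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=ar-win-2.attackrange.local | RuleName=- | UtcTime=2024-01-03 12:18:41.556 | ProcessGuid={C429ADC8-50A1-6595-2004-000000003A03} | ProcessId=2340 | Image=C:\Windows\Installer\MSI1A10.tmp | FileVersion=21.2.2.0 | Description=File that launches another file | Product=Advanced Installer | Company=Caphyon LTD | OriginalFileName=viewer.exe | CommandLine="C:\Windows\Installer\MSI1A10.tmp" /HideWindow rundll32 C:\Users\Administrator\AppData\Roaming\KROST.dll,hvsi | CurrentDirectory=C:\Windows\system32\ | User=AR-WIN-2\Administrator | LogonGuid={C429ADC8-46E4-6595-6E97-100000000000} | LogonId=0x10976e | TerminalSessionId=2 | IntegrityLevel=High | Hashes=MD5=B41E1B0AE2EC215C568C395B0DBB738A,SHA256=A97E782C5612C1A9C8A56C56A943F6190FA7A73C346566860B519EF02EFD0DCA,IMPHASH=93F47FEB08B7E50D26C2751466BF0E0F | ParentProcessGuid={00000000-0000-0000-0000-000000000000} | ParentProcessId=1292 | ParentImage=- | ParentCommandLine=- | ParentUser=-
EventID=4688 | Version=2 | Level=0 | Task=13312 | Opcode=0 | Keywords=0x8020000000000000 | EventRecordID=573048 | Channel=Security | Computer=ar-win-2.attackrange.local | SubjectUserSid=NT AUTHORITY\SYSTEM | SubjectUserName=AR-WIN-2$ | SubjectDomainName=ATTACKRANGE | SubjectLogonId=0x3e7 | NewProcessId=0x924 | NewProcessName=C:\Windows\Installer\MSI1A10.tmp | TokenElevationType=%%1936 | ProcessId=0x50c | CommandLine="C:\Windows\Installer\MSI1A10.tmp" /HideWindow rundll32 C:\Users\Administrator\AppData\Roaming\KROST.dll,hvsi | TargetUserSid=AR-WIN-2\Administrator | TargetUserName=Administrator | TargetDomainName=AR-WIN-2 | TargetLogonId=0x10976e | ParentProcessName=C:\Windows\System32\msiexec.exe | MandatoryLabel=Mandatory Label\High Mandatory Level
EventID=4688 | Version=2 | Level=0 | Task=13312 | Opcode=0 | Keywords=0x8020000000000000 | EventRecordID=572969 | Channel=Security | Computer=ar-win-2.attackrange.local | SubjectUserSid=NT AUTHORITY\SYSTEM | SubjectUserName=AR-WIN-2$ | SubjectDomainName=ATTACKRANGE | SubjectLogonId=0x3e7 | NewProcessId=0x3ec | NewProcessName=C:\Windows\Installer\MSI782B.tmp | TokenElevationType=%%1936 | ProcessId=0x420 | CommandLine="C:\Windows\Installer\MSI782B.tmp" /HideWindow rundll32 C:\Users\Administrator\AppData\Roaming\KROST.dll,hvsi | TargetUserSid=AR-WIN-2\Administrator | TargetUserName=Administrator | TargetDomainName=AR-WIN-2 | TargetLogonId=0x10976e | ParentProcessName=C:\Windows\System32\msiexec.exe | MandatoryLabel=Mandatory Label\High Mandatory Level
EventID=1 | Version=5 | Level=4 | Task=1 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=202944 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=ar-win-2.attackrange.local | RuleName=- | UtcTime=2024-01-03 12:10:21.356 | ProcessGuid={C429ADC8-4EAD-6595-D403-000000003A03} | ProcessId=1004 | Image=C:\Windows\Installer\MSI782B.tmp | FileVersion=21.2.2.0 | Description=File that launches another file | Product=Advanced Installer | Company=Caphyon LTD | OriginalFileName=viewer.exe | CommandLine="C:\Windows\Installer\MSI782B.tmp" /HideWindow rundll32 C:\Users\Administrator\AppData\Roaming\KROST.dll,hvsi | CurrentDirectory=C:\Windows\system32\ | User=AR-WIN-2\Administrator | LogonGuid={C429ADC8-46E4-6595-6E97-100000000000} | LogonId=0x10976e | TerminalSessionId=2 | IntegrityLevel=High | Hashes=MD5=B41E1B0AE2EC215C568C395B0DBB738A,SHA256=A97E782C5612C1A9C8A56C56A943F6190FA7A73C346566860B519EF02EFD0DCA,IMPHASH=93F47FEB08B7E50D26C2751466BF0E0F | ParentProcessGuid={C429ADC8-4D7C-6595-A703-000000003A03} | ParentProcessId=1056 | ParentImage=C:\Windows\System32\msiexec.exe | ParentCommandLine=C:\Windows\system32\msiexec.exe /V | ParentUser=NT AUTHORITY\SYSTEM
EventID=1 | Version=5 | Level=4 | Task=1 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=201061 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=ar-win-2.attackrange.local | RuleName=- | UtcTime=2024-01-03 12:05:24.220 | ProcessGuid={C429ADC8-4D84-6595-AE03-000000003A03} | ProcessId=5848 | Image=C:\Windows\Installer\MSIEF80.tmp | FileVersion=21.2.2.0 | Description=File that launches another file | Product=Advanced Installer | Company=Caphyon LTD | OriginalFileName=viewer.exe | CommandLine="C:\Windows\Installer\MSIEF80.tmp" /HideWindow rundll32 C:\Users\Administrator\AppData\Roaming\KROST.dll,hvsi | CurrentDirectory=C:\Windows\system32\ | User=AR-WIN-2\Administrator | LogonGuid={C429ADC8-46E4-6595-6E97-100000000000} | LogonId=0x10976e | TerminalSessionId=2 | IntegrityLevel=High | Hashes=MD5=B41E1B0AE2EC215C568C395B0DBB738A,SHA256=A97E782C5612C1A9C8A56C56A943F6190FA7A73C346566860B519EF02EFD0DCA,IMPHASH=93F47FEB08B7E50D26C2751466BF0E0F | ParentProcessGuid={C429ADC8-4D7C-6595-A703-000000003A03} | ParentProcessId=1056 | ParentImage=C:\Windows\System32\msiexec.exe | ParentCommandLine=C:\Windows\system32\msiexec.exe /V | ParentUser=NT AUTHORITY\SYSTEM
EventID=4688 | Version=2 | Level=0 | Task=13312 | Opcode=0 | Keywords=0x8020000000000000 | EventRecordID=572930 | Channel=Security | Computer=ar-win-2.attackrange.local | SubjectUserSid=NT AUTHORITY\SYSTEM | SubjectUserName=AR-WIN-2$ | SubjectDomainName=ATTACKRANGE | SubjectLogonId=0x3e7 | NewProcessId=0x16d8 | NewProcessName=C:\Windows\Installer\MSIEF80.tmp | TokenElevationType=%%1936 | ProcessId=0x420 | CommandLine="C:\Windows\Installer\MSIEF80.tmp" /HideWindow rundll32 C:\Users\Administrator\AppData\Roaming\KROST.dll,hvsi | TargetUserSid=AR-WIN-2\Administrator | TargetUserName=Administrator | TargetDomainName=AR-WIN-2 | TargetLogonId=0x10976e | ParentProcessName=C:\Windows\System32\msiexec.exe | MandatoryLabel=Mandatory Label\High Mandatory Level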