154100x800000000000000013214263Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-979-2022-06-30 16:18:35.334{7CF983DC-CCDB-62BD-4C36-020000006202}3500C:\Windows\System32\odbcconf.exe10.0.14393.0 (rs1_release.160715-1616)ODBC Driver Configuration ProgramMicrosoft® Windows® Operating SystemMicrosoft Corporationodbcconf.exeodbcconf.exe /S /A {REGSVR "C:\AtomicRedTeam\atomics\T1218.008\src\Win32\T1218-2.dll"}C:\Users\ADMINI~1\AppData\Local\Temp\2\WIN-HOST-MHAAG-\Administrator{7CF983DC-EE99-62A8-FF22-070000000000}0x722ff2HighMD5=4D7DE33E313C4E6E55FF977BB7E71512,SHA256=60DA7053B6509A1B5B4C443901EC520F34142EDD61B2DE5092D1EE8276C37E2D{7CF983DC-CCDB-62BD-4A36-020000006202}6084C:\Windows\System32\cmd.exe"cmd.exe" /c "odbcconf.exe /S /A {REGSVR "C:\AtomicRedTeam\atomics\T1218.008\src\Win32\T1218-2.dll"}"WIN-HOST-MHAAG-\Administrator 154100x800000000000000013214228Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-979-2022-06-30 16:18:35.284{7CF983DC-CCDB-62BD-4B36-020000006202}3428C:\Windows\System32\conhost.exe10.0.14393.0 (rs1_release.160715-1616)Console Window HostMicrosoft® Windows® Operating SystemMicrosoft CorporationCONHOST.EXE\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1C:\WindowsWIN-HOST-MHAAG-\Administrator{7CF983DC-EE99-62A8-FF22-070000000000}0x722ff2HighMD5=D752C96401E2540A443C599154FC6FA9,SHA256=046F7A1B4DE67562547ED9A180A72F481FC41E803DE49A96D7D7C731964D53A0{7CF983DC-CCDB-62BD-4A36-020000006202}6084C:\Windows\System32\cmd.exe"cmd.exe" /c "odbcconf.exe /S /A {REGSVR "C:\AtomicRedTeam\atomics\T1218.008\src\Win32\T1218-2.dll"}"WIN-HOST-MHAAG-\Administrator 154100x800000000000000013214221Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-979-2022-06-30 16:18:35.231{7CF983DC-CCDB-62BD-4A36-020000006202}6084C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"cmd.exe" /c "odbcconf.exe /S /A {REGSVR "C:\AtomicRedTeam\atomics\T1218.008\src\Win32\T1218-2.dll"}"C:\Users\ADMINI~1\AppData\Local\Temp\2\WIN-HOST-MHAAG-\Administrator{7CF983DC-EE99-62A8-FF22-070000000000}0x722ff2HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{7CF983DC-EEA1-62A8-9500-000000006202}4692C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" WIN-HOST-MHAAG-\Administrator