154100x800000000000000013208447Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-979-2022-06-30 16:10:34.631{7CF983DC-CAFA-62BD-0D36-020000006202}5052C:\Windows\System32\conhost.exe10.0.14393.0 (rs1_release.160715-1616)Console Window HostMicrosoft® Windows® Operating SystemMicrosoft CorporationCONHOST.EXE\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1C:\WindowsWIN-HOST-MHAAG-\Administrator{7CF983DC-EE99-62A8-FF22-070000000000}0x722ff2HighMD5=D752C96401E2540A443C599154FC6FA9,SHA256=046F7A1B4DE67562547ED9A180A72F481FC41E803DE49A96D7D7C731964D53A0{7CF983DC-CAFA-62BD-0C36-020000006202}292C:\Windows\System32\odbcconf.exeodbcconf.exe /F T1218.008.rspWIN-HOST-MHAAG-\Administrator 154100x800000000000000013208401Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-979-2022-06-30 16:10:34.258{7CF983DC-CAFA-62BD-0C36-020000006202}292C:\Windows\System32\odbcconf.exe10.0.14393.0 (rs1_release.160715-1616)ODBC Driver Configuration ProgramMicrosoft® Windows® Operating SystemMicrosoft Corporationodbcconf.exeodbcconf.exe /F T1218.008.rspC:\AtomicRedTeam\atomics\T1218.008\bin\WIN-HOST-MHAAG-\Administrator{7CF983DC-EE99-62A8-FF22-070000000000}0x722ff2HighMD5=4D7DE33E313C4E6E55FF977BB7E71512,SHA256=60DA7053B6509A1B5B4C443901EC520F34142EDD61B2DE5092D1EE8276C37E2D{7CF983DC-CAFA-62BD-0A36-020000006202}1616C:\Windows\System32\cmd.exe"cmd.exe" /c "cd C:\AtomicRedTeam\atomics\T1218.008\bin\ & odbcconf.exe /F T1218.008.rsp"WIN-HOST-MHAAG-\Administrator 154100x800000000000000013208366Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-979-2022-06-30 16:10:34.234{7CF983DC-CAFA-62BD-0B36-020000006202}6092C:\Windows\System32\conhost.exe10.0.14393.0 (rs1_release.160715-1616)Console Window HostMicrosoft® Windows® Operating SystemMicrosoft CorporationCONHOST.EXE\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1C:\WindowsWIN-HOST-MHAAG-\Administrator{7CF983DC-EE99-62A8-FF22-070000000000}0x722ff2HighMD5=D752C96401E2540A443C599154FC6FA9,SHA256=046F7A1B4DE67562547ED9A180A72F481FC41E803DE49A96D7D7C731964D53A0{7CF983DC-CAFA-62BD-0A36-020000006202}1616C:\Windows\System32\cmd.exe"cmd.exe" /c "cd C:\AtomicRedTeam\atomics\T1218.008\bin\ & odbcconf.exe /F T1218.008.rsp"WIN-HOST-MHAAG-\Administrator 154100x800000000000000013208359Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-979-2022-06-30 16:10:34.191{7CF983DC-CAFA-62BD-0A36-020000006202}1616C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"cmd.exe" /c "cd C:\AtomicRedTeam\atomics\T1218.008\bin\ & odbcconf.exe /F T1218.008.rsp"C:\Users\ADMINI~1\AppData\Local\Temp\2\WIN-HOST-MHAAG-\Administrator{7CF983DC-EE99-62A8-FF22-070000000000}0x722ff2HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2{7CF983DC-EEA1-62A8-9500-000000006202}4692C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" WIN-HOST-MHAAG-\Administrator