354300x80000000000000001982374Microsoft-Windows-Sysmon/Operationalattackbox.lan.local-2023-01-29 11:33:02.113{bbce0e7a-5962-63d6-2234-7f2800000000}2536C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAttackMetcptruefalse192.168.1.20attackbox.lan.local62764-false173.194.214.101google.com443https
154100x80000000000000001982343Microsoft-Windows-Sysmon/Operationalattackbox.lan.local-2023-01-29 11:32:50.239{bbce0e7a-5962-63d6-2234-7f2800000000}2536C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.17763.1 (WinBuild.160101.0800)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "& 'C:\Temp\lolbas_test.ps1'{dddbfd6d-8a8a-45f4-bafe-9e1b4621eb1d}'C:\Temp\AttackMe{bbce0e7a-a228-63d2-bca3-030000000000}0x3a3bc0HighMD5=7353F60B1739074EB17C5F4DDDEFE239,SHA256=DE96A6E69944335375DC1AC238336066889D9FFC7D73628EF4FE1B1B160AB32C,IMPHASH=741776AACCFC5B71FF59832DCDCACE0F{bbce0e7a-a24f-63d2-9836-090000000000}4920C:\Temp\powershell.exe"C:\Temp\powershell.exe" -Embedding
354300x8000000000000000300730Microsoft-Windows-Sysmon/Operationalattackbox.lan.local2023-01-30 20:08:08.445{8E071266-2392-63D8-0000-00103B0B190D}17832C:\Windows\System32\cmd.exeAttackMetcptruefalse192.168.1.20attackbox.lan.local49392false137.117.109.130443https
154100x8000000000000000300655Microsoft-Windows-Sysmon/Operationalattackbox.lan.local2023-01-30 20:07:46.518{8E071266-2392-63D8-0000-00103B0B190D}17832C:\Windows\System32\cmd.exe6.3.9600.17415 (winblue_r4.141028-1500)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Test_Batch_Files\Outbound.bat""C:\Test_Batch_Files\AttackMe{8E071266-237F-63D8-0000-0020C65B140D}0xd145bc680MediumMD5=F5AE03DE0AD60F5B17B82F2CD68402FE,SHA256=6F88FB88FFB0F1D5465C2826E5B4F523598B1B8378377C8378FFEBC171BAD18B,IMPHASH=77AED1ADAF24B344F08C8AD1432908C3{8E071266-2391-63D8-0000-001071D0170D}9408C:\Program Files (x86)\Citrix\System32\wfshell.exe"C:\Program Files (x86)\Citrix\System32\wfshell.exe"
354300x8000000000000000849998Microsoft-Windows-Sysmon/Operationalattackbox.lan.local-2023-01-30 20:27:48.840{8ac176d0-2812-63d8-872b-1d0400000000}9980C:\Windows\SysWOW64\msiexec.exeNT AUTHORITY\SYSTEMtcptruefalse192.168.1.20attackbox.lan.local58141-false52.22.41.90ec2-52-22-41-90.compute-1.amazonaws.com443https
154100x8000000000000000849711Microsoft-Windows-Sysmon/Operationalattackbox.lan.local-2023-01-30 20:26:58.154{8ac176d0-2812-63d8-872b-1d0400000000}9980C:\Windows\SysWOW64\msiexec.exe5.0.19041.2193 (WinBuild.160101.0800)Windows® installerWindows Installer - UnicodeMicrosoft Corporationmsiexec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 9F17CF72F57573D6B6AE5214F745A83C E Global\MSI0000C:\WINDOWS\SysWOW64\NT AUTHORITY\SYSTEM{8ac176d0-b1c3-63d7-e703-000000000000}0x3e70SystemMD5=358672CD45148B835B1529D15A746847,SHA256=3247CF2A21F401513D3DB524433E8CBA7430FCFFE5BF81CE0FD90C429505F78C,IMPHASH=94A0F72DD6D0745010DB6BE24C4DBBA7{8ac176d0-2810-63d8-ed0f-1d0400000000}13488C:\Windows\System32\msiexec.exeC:\WINDOWS\system32\msiexec.exe /V