154100x8000000000000000163640Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2025-02-04 19:25:50.221{39524062-69be-67a2-0a84-000000000402}5272C:\Windows\System32\cmd.exe10.0.20348.2849 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c whoamiC:\Windows\system32\NT SERVICE\MSSQLSERVER{39524062-6c2c-67a1-2444-c00400000000}0x4c044240HighMD5=448D1A22FB3E4E05DACE52091152CC27,SHA256=41871DADE953D9F40F4AA445FC19982AB59D263C8AA93D7F67A1451663A09A57,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{39524062-6c2c-67a1-4269-000000000402}7648C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe"C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVERNT SERVICE\MSSQLSERVER 154100x8000000000000000163635Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2025-02-04 19:25:49.941{39524062-69bd-67a2-0484-000000000402}5748C:\Windows\System32\cmd.exe10.0.20348.2849 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c whoamiC:\Windows\system32\NT SERVICE\MSSQLSERVER{39524062-6c2c-67a1-2444-c00400000000}0x4c044240HighMD5=448D1A22FB3E4E05DACE52091152CC27,SHA256=41871DADE953D9F40F4AA445FC19982AB59D263C8AA93D7F67A1451663A09A57,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{39524062-6c2c-67a1-4269-000000000402}7648C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe"C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVERNT SERVICE\MSSQLSERVER 154100x8000000000000000163533Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2025-02-04 19:16:42.968{39524062-679a-67a2-a683-000000000402}4564C:\Windows\System32\cmd.exe10.0.20348.2849 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c whoamiC:\Windows\system32\NT SERVICE\MSSQLSERVER{39524062-6c2c-67a1-2444-c00400000000}0x4c044240HighMD5=448D1A22FB3E4E05DACE52091152CC27,SHA256=41871DADE953D9F40F4AA445FC19982AB59D263C8AA93D7F67A1451663A09A57,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{39524062-6c2c-67a1-4269-000000000402}7648C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe"C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVERNT SERVICE\MSSQLSERVER 154100x8000000000000000163528Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2025-02-04 19:16:42.691{39524062-679a-67a2-a083-000000000402}4860C:\Windows\System32\cmd.exe10.0.20348.2849 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c whoamiC:\Windows\system32\NT SERVICE\MSSQLSERVER{39524062-6c2c-67a1-2444-c00400000000}0x4c044240HighMD5=448D1A22FB3E4E05DACE52091152CC27,SHA256=41871DADE953D9F40F4AA445FC19982AB59D263C8AA93D7F67A1451663A09A57,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{39524062-6c2c-67a1-4269-000000000402}7648C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe"C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVERNT SERVICE\MSSQLSERVER 154100x8000000000000000162572Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2025-02-04 16:35:08.667{39524062-41bc-67a2-ed7f-000000000402}1340C:\Windows\System32\cmd.exe10.0.20348.2849 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c whoamiC:\Windows\system32\NT SERVICE\MSSQLSERVER{39524062-6c2c-67a1-2444-c00400000000}0x4c044240HighMD5=448D1A22FB3E4E05DACE52091152CC27,SHA256=41871DADE953D9F40F4AA445FC19982AB59D263C8AA93D7F67A1451663A09A57,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{39524062-6c2c-67a1-4269-000000000402}7648C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe"C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVERNT SERVICE\MSSQLSERVER 154100x8000000000000000162567Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2025-02-04 16:35:08.398{39524062-41bc-67a2-e77f-000000000402}6512C:\Windows\System32\cmd.exe10.0.20348.2849 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c whoamiC:\Windows\system32\NT SERVICE\MSSQLSERVER{39524062-6c2c-67a1-2444-c00400000000}0x4c044240HighMD5=448D1A22FB3E4E05DACE52091152CC27,SHA256=41871DADE953D9F40F4AA445FC19982AB59D263C8AA93D7F67A1451663A09A57,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{39524062-6c2c-67a1-4269-000000000402}7648C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe"C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVERNT SERVICE\MSSQLSERVER 154100x8000000000000000162507Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2025-02-04 16:34:18.363{39524062-418a-67a2-b47f-000000000402}488C:\Windows\System32\cmd.exe10.0.20348.2849 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c whoamiC:\Windows\system32\NT SERVICE\MSSQLSERVER{39524062-6c2c-67a1-2444-c00400000000}0x4c044240HighMD5=448D1A22FB3E4E05DACE52091152CC27,SHA256=41871DADE953D9F40F4AA445FC19982AB59D263C8AA93D7F67A1451663A09A57,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{39524062-6c2c-67a1-4269-000000000402}7648C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe"C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVERNT SERVICE\MSSQLSERVER 154100x8000000000000000162502Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2025-02-04 16:34:18.098{39524062-418a-67a2-ae7f-000000000402}160C:\Windows\System32\cmd.exe10.0.20348.2849 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c whoamiC:\Windows\system32\NT SERVICE\MSSQLSERVER{39524062-6c2c-67a1-2444-c00400000000}0x4c044240HighMD5=448D1A22FB3E4E05DACE52091152CC27,SHA256=41871DADE953D9F40F4AA445FC19982AB59D263C8AA93D7F67A1451663A09A57,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{39524062-6c2c-67a1-4269-000000000402}7648C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe"C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVERNT SERVICE\MSSQLSERVER 154100x8000000000000000162363Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2025-02-04 16:26:29.566{39524062-3fb5-67a2-427f-000000000402}7780C:\Windows\System32\cmd.exe10.0.20348.2849 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c whoamiC:\Windows\system32\NT SERVICE\MSSQLSERVER{39524062-6c2c-67a1-2444-c00400000000}0x4c044240HighMD5=448D1A22FB3E4E05DACE52091152CC27,SHA256=41871DADE953D9F40F4AA445FC19982AB59D263C8AA93D7F67A1451663A09A57,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{39524062-6c2c-67a1-4269-000000000402}7648C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe"C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVERNT SERVICE\MSSQLSERVER 154100x8000000000000000162358Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2025-02-04 16:26:29.296{39524062-3fb5-67a2-3c7f-000000000402}7584C:\Windows\System32\cmd.exe10.0.20348.2849 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c whoamiC:\Windows\system32\NT SERVICE\MSSQLSERVER{39524062-6c2c-67a1-2444-c00400000000}0x4c044240HighMD5=448D1A22FB3E4E05DACE52091152CC27,SHA256=41871DADE953D9F40F4AA445FC19982AB59D263C8AA93D7F67A1451663A09A57,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{39524062-6c2c-67a1-4269-000000000402}7648C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe"C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVERNT SERVICE\MSSQLSERVER 154100x8000000000000000162182Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2025-02-04 16:03:02.776{39524062-3a36-67a2-907e-000000000402}4460C:\Windows\System32\cmd.exe10.0.20348.2849 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c whoamiC:\Windows\system32\NT SERVICE\MSSQLSERVER{39524062-6c2c-67a1-2444-c00400000000}0x4c044240HighMD5=448D1A22FB3E4E05DACE52091152CC27,SHA256=41871DADE953D9F40F4AA445FC19982AB59D263C8AA93D7F67A1451663A09A57,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{39524062-6c2c-67a1-4269-000000000402}7648C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe"C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVERNT SERVICE\MSSQLSERVER 154100x8000000000000000162177Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2025-02-04 16:03:02.509{39524062-3a36-67a2-8a7e-000000000402}7884C:\Windows\System32\cmd.exe10.0.20348.2849 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" /c whoamiC:\Windows\system32\NT SERVICE\MSSQLSERVER{39524062-6c2c-67a1-2444-c00400000000}0x4c044240HighMD5=448D1A22FB3E4E05DACE52091152CC27,SHA256=41871DADE953D9F40F4AA445FC19982AB59D263C8AA93D7F67A1451663A09A57,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{39524062-6c2c-67a1-4269-000000000402}7648C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe"C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVERNT SERVICE\MSSQLSERVER