EventID: 1
Version: 5
Level: 4
Task: 1
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 9097071
Channel: Microsoft-Windows-Sysmon/Operational
Computer: victim.attack.range
RuleName: -
UtcTime: 2023-04-12 04:00:00.458
ProcessGuid: {14FC5F03-4BE8-63D1-59A1-00000000EB00}
ProcessId: 8296
Image: C:\Windows\System32\cmd.exe
FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
Description: Windows Command Processor
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
OriginalFileName: Cmd.Exe
CommandLine: cmd.exe
CurrentDirectory: C:\Program Files (x86)\QLogic Corporation\QConvergeConsole\tomcat-x64\apache-tomcat-6.0.35\
User: NT AUTHORITY\SYSTEM
LogonGuid: {14FC5F03-33C1-63CE-E703-000000000000}
LogonId: 0x3e7
TerminalSessionId: 0
IntegrityLevel: System
Hashes: MD5=F5AE03DE0AD60F5B17B82F2CD68402FE,SHA256=6F88FB88FFB0F1D5465C2826E5B4F523598B1B8378377C8378FFEBC171BAD18B,IMPHASH=77AED1ADAF24B344F08C8AD1432908C3
ParentProcessGuid: {14FC5F03-33CE-63CE-4F00-00000000EB00}
ParentProcessId: 3460
ParentImage: C:\Program Files (x86)\QLogic Corporation\QConvergeConsole\tomcat-x64\apache-tomcat-6.0.35\bin\tomcat6.exe
ParentCommandLine: "C:\Program Files (x86)\QLogic Corporation\QConvergeConsole\tomcat-x64\apache-tomcat-6.0.35\bin\tomcat6.exe" //RS//Tomcat6

EventID: 1
Version: 5
Level: 4
Task: 1
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 1666375
Channel: Microsoft-Windows-Sysmon/Operational
Computer: victim.attack.range
RuleName: -
UtcTime: 2023-04-12 04:00:27.571
ProcessGuid: {da6bd103-2cdb-6436-ce05-3b5c00000000}
ProcessId: 16744
Image: C:\Windows\System32\tasklist.exe
FileVersion: 10.0.17763.1 (WinBuild.160101.0800)
Description: Lists the current running tasks
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
OriginalFileName: tasklist.exe
CommandLine: tasklist -v
CurrentDirectory: D:\Program Files\Stanley\MobileView\services\asset-manager\tomcat\bin\
User: NT AUTHORITY\SYSTEM
LogonGuid: {da6bd103-36b5-642f-e703-000000000000}
LogonId: 0x3e7
TerminalSessionId: 0
IntegrityLevel: System
Hashes: MD5=B802C79BE392F3BFCC51CDA425BC94D2,SHA256=113C4D989A47B80905E92C06E48E03B24D44CADBF7BC7E86D948D7DA9DC98252,IMPHASH=DCE1F3B1BD09BBAD166CE65677E33EDB
ParentProcessGuid: {da6bd103-376d-642f-771a-3e0000000000}
ParentProcessId: 9524
ParentImage: D:\Program Files\Stanley\MobileView\services\asset-manager\tomcat\bin\x64\tomcat9.exe
ParentCommandLine: "D:\Program Files\Stanley\MobileView\services\asset-manager\tomcat\bin\x64\tomcat9.exe" //RS//mv_asset-manager

EventID: 1
Version: 5
Level: 4
Task: 1
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 1214000
Channel: Microsoft-Windows-Sysmon/Operational
Computer: victim.attack.range
RuleName: -
UtcTime: 2023-04-12 04:01:00.445
ProcessGuid: {fb64b8b6-5a12-6436-9961-5f0900000000}
ProcessId: 9824
Image: C:\Windows\SysWOW64\net.exe
FileVersion: 10.0.17763.1 (WinBuild.160101.0800)
Description: Net Command
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
OriginalFileName: net.exe
CommandLine: "net" localgroup "ADMINISTRATORS" "BACKDOOR_1" /add
CurrentDirectory: C:\Windows\TEMP\
User: NT AUTHORITY\SYSTEM
LogonGuid: {fb64b8b6-c230-6434-e703-000000000000}
LogonId: 0x3e7
TerminalSessionId: 0
IntegrityLevel: System
Hashes: MD5=CB0744AA7ACB8B8A960FCCE3259739EC,SHA256=1FB73D95BD75DCC9734C2586E8D9C5EEA74706786D6AD71523FFC8799817348F,IMPHASH=AC592B83B5CAEB41A6F6DF7DB53F9076
ParentProcessGuid: {fb64b8b6-5a0d-6436-23f0-5e0900000000}
ParentProcessId: 1004
ParentImage: C:\Windows\SysWOW64\inetsrv\w3wp.exe
ParentCommandLine: C:\Windows\SysWOW64\inetsrv\w3wp.exe -ap "TegManager.UI.TEG Manager" -v "v4.0" -l "webengine4.dll" -a \\.\pipe\iisipm4f7b9590-72e9-4ed6-b286-af5c9e9fcda5 -h "C:\inetpub\temp\apppools\TegManager.UI.TEG Manager\TegManager.UI.TEG Manager.config" -w "" -m 0 -t 20 -ta 0