154100x80000000000000001078451544Microsoft-Windows-Sysmon/Operationalwin-dc-exch01.attackrange.local-2022-12-19 19:51:21.383{0BBB6F36-C0B9-63A0-58F6-040000009E02}5552C:\Windows\System32\inetsrv\appcmd.exe10.0.14393.4169 (rs1_release.210107-1130)Application Server Command Line Admin ToolInternet Information ServicesMicrosoft Corporationappcmd.exec:\windows\system32\inetsrv\Appcmd.exe install module /name:AtomicRedTeamHere4u2 /image:c:\temp\msf.dllc:\Windows\System32\inetsrv\ATTACKRANGE\Administrator{0BBB6F36-543A-6397-FEAF-C10100000000}0x1c1affe2HighMD5=05CB98CB028E1D62B62904DD78F23DC0,SHA256=FED8F5CACFC589EB7A1EFB5F4CAE7EF092934747DF1E91950EBC4B9202EA7CBD{0BBB6F36-94EA-63A0-499A-040000009E02}11172C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" ATTACKRANGE\Administrator 154100x800000000000000028961458Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-12-19 19:17:34.228{CCA468B6-B8CE-63A0-BF1F-010000009702}7048C:\Windows\System32\inetsrv\appcmd.exe10.0.14393.4169 (rs1_release.210107-1130)Application Server Command Line Admin ToolInternet Information ServicesMicrosoft Corporationappcmd.exe"C:\windows\system32\inetsrv\appcmd.exe" install module /name:IIS_Backdoor2 /image:c:\windows\system32\inetsrv\IIS-Backdoor.dll /add:trueC:\Users\Administrator\WIN-HOST-MHAAG-\Administrator{CCA468B6-565F-6397-FC63-1C0000000000}0x1c63fc2HighMD5=05CB98CB028E1D62B62904DD78F23DC0,SHA256=FED8F5CACFC589EB7A1EFB5F4CAE7EF092934747DF1E91950EBC4B9202EA7CBD{CCA468B6-B7AC-63A0-701F-010000009702}4052C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" WIN-HOST-MHAAG-\Administrator 154100x800000000000000028960995Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-12-19 19:17:24.846{CCA468B6-B8C4-63A0-BE1F-010000009702}5828C:\Windows\System32\inetsrv\appcmd.exe10.0.14393.4169 (rs1_release.210107-1130)Application Server Command Line Admin ToolInternet Information ServicesMicrosoft Corporationappcmd.exe"C:\windows\system32\inetsrv\appcmd.exe" install module /name:IIS_Backdoor /image:c:\windows\system32\inetsrv\IIS-Backdoor.dll /add:trueC:\Users\Administrator\WIN-HOST-MHAAG-\Administrator{CCA468B6-565F-6397-FC63-1C0000000000}0x1c63fc2HighMD5=05CB98CB028E1D62B62904DD78F23DC0,SHA256=FED8F5CACFC589EB7A1EFB5F4CAE7EF092934747DF1E91950EBC4B9202EA7CBD{CCA468B6-B7AC-63A0-701F-010000009702}4052C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" WIN-HOST-MHAAG-\Administrator 154100x800000000000000028944030Microsoft-Windows-Sysmon/Operationalwin-host-mhaag-attack-range-622-2022-12-19 19:13:28.937{CCA468B6-B7D8-63A0-791F-010000009702}6980C:\Windows\System32\inetsrv\appcmd.exe10.0.14393.4169 (rs1_release.210107-1130)Application Server Command Line Admin ToolInternet Information ServicesMicrosoft Corporationappcmd.exe"C:\windows\system32\inetsrv\appcmd.exe" install module /name:IIS_Backdoor /image:c:\windows\system32\inetsrv\IIS-Backdoor.dll /add:trueC:\Users\Administrator\WIN-HOST-MHAAG-\Administrator{CCA468B6-565F-6397-FC63-1C0000000000}0x1c63fc2HighMD5=05CB98CB028E1D62B62904DD78F23DC0,SHA256=FED8F5CACFC589EB7A1EFB5F4CAE7EF092934747DF1E91950EBC4B9202EA7CBD{CCA468B6-B7AC-63A0-701F-010000009702}4052C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" WIN-HOST-MHAAG-\Administrator