154100x800000000000000033078Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2024-12-17 13:36:38.722{0D0820D7-7E66-6761-0201-00000000C203}3968C:\Windows\System32\logoff.exe10.0.14393.0 (rs1_release.160715-1616)Session Logoff UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationlogoff.exe"C:\Windows\system32\logoff.exe" ActiveC:\Users\Administrator\ATTACKRANGE\Administrator{0D0820D7-7C25-6761-5419-040000000000}0x419542HighMD5=63DAFD4EB9CF5D5BAD52B2F78C9C3DDD,SHA256=EC35AEEDEDEAD912B65247BEBF6B87D010182ACA99EA78B6EE2D80BD267FBD40,IMPHASH=486A3F318A05A320AF7EF51392C713BE{0D0820D7-7DE3-6761-E600-00000000C203}3548C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" ATTACKRANGE\Administrator 154100x800000000000000033077Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2024-12-17 13:36:38.699{0D0820D7-7E66-6761-0101-00000000C203}3908C:\Windows\System32\logoff.exe10.0.14393.0 (rs1_release.160715-1616)Session Logoff UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationlogoff.exe"C:\Windows\system32\logoff.exe" STATEC:\Users\Administrator\ATTACKRANGE\Administrator{0D0820D7-7C25-6761-5419-040000000000}0x419542HighMD5=63DAFD4EB9CF5D5BAD52B2F78C9C3DDD,SHA256=EC35AEEDEDEAD912B65247BEBF6B87D010182ACA99EA78B6EE2D80BD267FBD40,IMPHASH=486A3F318A05A320AF7EF51392C713BE{0D0820D7-7DE3-6761-E600-00000000C203}3548C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" ATTACKRANGE\Administrator 154100x800000000000000033066Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2024-12-17 13:35:11.992{0D0820D7-7E0F-6761-F600-00000000C203}5004C:\Windows\System32\logoff.exe10.0.14393.0 (rs1_release.160715-1616)Session Logoff UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationlogoff.exe"C:\Windows\system32\logoff.exe" ActiveC:\Users\Administrator\ATTACKRANGE\Administrator{0D0820D7-7C25-6761-5419-040000000000}0x419542HighMD5=63DAFD4EB9CF5D5BAD52B2F78C9C3DDD,SHA256=EC35AEEDEDEAD912B65247BEBF6B87D010182ACA99EA78B6EE2D80BD267FBD40,IMPHASH=486A3F318A05A320AF7EF51392C713BE{0D0820D7-7DE3-6761-E600-00000000C203}3548C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" ATTACKRANGE\Administrator 154100x800000000000000033065Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2024-12-17 13:35:11.962{0D0820D7-7E0F-6761-F500-00000000C203}4244C:\Windows\System32\logoff.exe10.0.14393.0 (rs1_release.160715-1616)Session Logoff UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationlogoff.exe"C:\Windows\system32\logoff.exe" STATEC:\Users\Administrator\ATTACKRANGE\Administrator{0D0820D7-7C25-6761-5419-040000000000}0x419542HighMD5=63DAFD4EB9CF5D5BAD52B2F78C9C3DDD,SHA256=EC35AEEDEDEAD912B65247BEBF6B87D010182ACA99EA78B6EE2D80BD267FBD40,IMPHASH=486A3F318A05A320AF7EF51392C713BE{0D0820D7-7DE3-6761-E600-00000000C203}3548C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" ATTACKRANGE\Administrator 154100x800000000000000033057Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2024-12-17 13:34:32.095{0D0820D7-7DE8-6761-EE00-00000000C203}2560C:\Windows\System32\logoff.exe10.0.14393.0 (rs1_release.160715-1616)Session Logoff UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationlogoff.exe"C:\Windows\system32\logoff.exe" ActiveC:\Users\Administrator\ATTACKRANGE\Administrator{0D0820D7-7C25-6761-5419-040000000000}0x419542HighMD5=63DAFD4EB9CF5D5BAD52B2F78C9C3DDD,SHA256=EC35AEEDEDEAD912B65247BEBF6B87D010182ACA99EA78B6EE2D80BD267FBD40,IMPHASH=486A3F318A05A320AF7EF51392C713BE{0D0820D7-7DE3-6761-E600-00000000C203}3548C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" ATTACKRANGE\Administrator 154100x800000000000000033056Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2024-12-17 13:34:32.060{0D0820D7-7DE8-6761-ED00-00000000C203}2660C:\Windows\System32\logoff.exe10.0.14393.0 (rs1_release.160715-1616)Session Logoff UtilityMicrosoft® Windows® Operating SystemMicrosoft Corporationlogoff.exe"C:\Windows\system32\logoff.exe" STATEC:\Users\Administrator\ATTACKRANGE\Administrator{0D0820D7-7C25-6761-5419-040000000000}0x419542HighMD5=63DAFD4EB9CF5D5BAD52B2F78C9C3DDD,SHA256=EC35AEEDEDEAD912B65247BEBF6B87D010182ACA99EA78B6EE2D80BD267FBD40,IMPHASH=486A3F318A05A320AF7EF51392C713BE{0D0820D7-7DE3-6761-E600-00000000C203}3548C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" ATTACKRANGE\Administrator