11241100x8000000000000000180924Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:37:16.912{F4BF863A-884B-66F2-13CD-000000001403}5892C:\Users\Administrator\Downloads\10tymonth-main_2\10tymonth-main\python.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 9h37m15s-24-9-2024\Chrome 0\pass.txt2024-09-24 09:37:16.912TESTLAB-WIN-2\Administrator 11241100x8000000000000000180923Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:37:16.912{F4BF863A-884B-66F2-13CD-000000001403}5892C:\Users\Administrator\Downloads\10tymonth-main_2\10tymonth-main\python.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 9h37m15s-24-9-2024\Chrome 0\master_key.txt2024-09-24 09:37:16.912TESTLAB-WIN-2\Administrator 11241100x8000000000000000180922Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:37:16.912{F4BF863A-884B-66F2-13CD-000000001403}5892C:\Users\Administrator\Downloads\10tymonth-main_2\10tymonth-main\python.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 9h37m15s-24-9-2024\Chrome 0\Local State2024-09-24 09:37:16.912TESTLAB-WIN-2\Administrator 11241100x8000000000000000180921Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:37:16.912{F4BF863A-884B-66F2-13CD-000000001403}5892C:\Users\Administrator\Downloads\10tymonth-main_2\10tymonth-main\python.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 9h37m15s-24-9-2024\Chrome 0\Login Data2024-09-24 09:37:16.912TESTLAB-WIN-2\Administrator 11241100x8000000000000000180920Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:37:16.897{F4BF863A-884B-66F2-13CD-000000001403}5892C:\Users\Administrator\Downloads\10tymonth-main_2\10tymonth-main\python.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 9h37m15s-24-9-2024\Chrome 0\Cookies2024-09-24 09:37:16.897TESTLAB-WIN-2\Administrator 11241100x8000000000000000180915Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:37:15.819{F4BF863A-884B-66F2-13CD-000000001403}5892C:\Users\Administrator\Downloads\10tymonth-main_2\10tymonth-main\python.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 9h37m15s-24-9-2024\firefox\profile1\cookies.sqlite-shm2024-09-24 09:37:15.819TESTLAB-WIN-2\Administrator 11241100x8000000000000000180914Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:37:15.819{F4BF863A-884B-66F2-13CD-000000001403}5892C:\Users\Administrator\Downloads\10tymonth-main_2\10tymonth-main\python.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 9h37m15s-24-9-2024\firefox\profile1\cookies.sqlite-wal2024-09-24 09:37:15.819TESTLAB-WIN-2\Administrator 11241100x8000000000000000180913Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:37:15.819{F4BF863A-884B-66F2-13CD-000000001403}5892C:\Users\Administrator\Downloads\10tymonth-main_2\10tymonth-main\python.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 9h37m15s-24-9-2024\firefox\profile1\pass.txt2024-09-24 09:37:15.819TESTLAB-WIN-2\Administrator 11241100x8000000000000000180912Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:37:15.819{F4BF863A-884B-66F2-13CD-000000001403}5892C:\Users\Administrator\Downloads\10tymonth-main_2\10tymonth-main\python.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 9h37m15s-24-9-2024\firefox\profile1\logins.json2024-09-24 09:37:15.819TESTLAB-WIN-2\Administrator 11241100x8000000000000000180910Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:37:15.819{F4BF863A-884B-66F2-13CD-000000001403}5892C:\Users\Administrator\Downloads\10tymonth-main_2\10tymonth-main\python.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 9h37m15s-24-9-2024\firefox\profile1\cookies.sqlite2024-09-24 09:37:15.819TESTLAB-WIN-2\Administrator 11241100x8000000000000000180892Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:36:55.328{F4BF863A-8835-66F2-04CD-000000001403}5144C:\Users\Administrator\Downloads\10tymonth-main_2\10tymonth-main\python.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 9h36m53s-24-9-2024\Chrome 0\pass.txt2024-09-24 09:36:55.328TESTLAB-WIN-2\Administrator 11241100x8000000000000000180891Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:36:55.328{F4BF863A-8835-66F2-04CD-000000001403}5144C:\Users\Administrator\Downloads\10tymonth-main_2\10tymonth-main\python.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 9h36m53s-24-9-2024\Chrome 0\master_key.txt2024-09-24 09:36:55.328TESTLAB-WIN-2\Administrator 11241100x8000000000000000180890Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:36:55.312{F4BF863A-8835-66F2-04CD-000000001403}5144C:\Users\Administrator\Downloads\10tymonth-main_2\10tymonth-main\python.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 9h36m53s-24-9-2024\Chrome 0\Local State2024-09-24 09:36:55.312TESTLAB-WIN-2\Administrator 11241100x8000000000000000180889Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:36:55.312{F4BF863A-8835-66F2-04CD-000000001403}5144C:\Users\Administrator\Downloads\10tymonth-main_2\10tymonth-main\python.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 9h36m53s-24-9-2024\Chrome 0\Login Data2024-09-24 09:36:55.312TESTLAB-WIN-2\Administrator 11241100x8000000000000000180888Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:36:55.312{F4BF863A-8835-66F2-04CD-000000001403}5144C:\Users\Administrator\Downloads\10tymonth-main_2\10tymonth-main\python.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 9h36m53s-24-9-2024\Chrome 0\Cookies2024-09-24 09:36:55.312TESTLAB-WIN-2\Administrator 11241100x8000000000000000180882Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:36:54.234{F4BF863A-8835-66F2-04CD-000000001403}5144C:\Users\Administrator\Downloads\10tymonth-main_2\10tymonth-main\python.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 9h36m53s-24-9-2024\firefox\profile1\cookies.sqlite-shm2024-09-24 09:36:54.234TESTLAB-WIN-2\Administrator 11241100x8000000000000000180881Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:36:54.234{F4BF863A-8835-66F2-04CD-000000001403}5144C:\Users\Administrator\Downloads\10tymonth-main_2\10tymonth-main\python.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 9h36m53s-24-9-2024\firefox\profile1\cookies.sqlite-wal2024-09-24 09:36:54.234TESTLAB-WIN-2\Administrator 11241100x8000000000000000180880Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:36:54.234{F4BF863A-8835-66F2-04CD-000000001403}5144C:\Users\Administrator\Downloads\10tymonth-main_2\10tymonth-main\python.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 9h36m53s-24-9-2024\firefox\profile1\pass.txt2024-09-24 09:36:54.234TESTLAB-WIN-2\Administrator 11241100x8000000000000000180879Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:36:54.234{F4BF863A-8835-66F2-04CD-000000001403}5144C:\Users\Administrator\Downloads\10tymonth-main_2\10tymonth-main\python.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 9h36m53s-24-9-2024\firefox\profile1\logins.json2024-09-24 09:36:54.234TESTLAB-WIN-2\Administrator 11241100x8000000000000000180877Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:36:54.234{F4BF863A-8835-66F2-04CD-000000001403}5144C:\Users\Administrator\Downloads\10tymonth-main_2\10tymonth-main\python.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 9h36m53s-24-9-2024\firefox\profile1\cookies.sqlite2024-09-24 09:36:54.234TESTLAB-WIN-2\Administrator 11241100x8000000000000000180843Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:33:56.764{F4BF863A-8783-66F2-E6CC-000000001403}5828C:\Users\Administrator\Downloads\10tymonth-main_2\10tymonth-main\python.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 9h33m55s-24-9-2024\Chrome 0\pass.txt2024-09-24 09:33:56.764TESTLAB-WIN-2\Administrator 11241100x8000000000000000180842Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:33:56.764{F4BF863A-8783-66F2-E6CC-000000001403}5828C:\Users\Administrator\Downloads\10tymonth-main_2\10tymonth-main\python.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 9h33m55s-24-9-2024\Chrome 0\Login Data2024-09-24 09:33:56.764TESTLAB-WIN-2\Administrator 11241100x8000000000000000180841Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:33:56.764{F4BF863A-8783-66F2-E6CC-000000001403}5828C:\Users\Administrator\Downloads\10tymonth-main_2\10tymonth-main\python.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 9h33m55s-24-9-2024\Chrome 0\Cookies2024-09-24 09:33:56.764TESTLAB-WIN-2\Administrator 11241100x8000000000000000180836Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:33:55.701{F4BF863A-8783-66F2-E6CC-000000001403}5828C:\Users\Administrator\Downloads\10tymonth-main_2\10tymonth-main\python.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 9h33m55s-24-9-2024\firefox\profile1\cookies.sqlite-shm2024-09-24 09:33:55.701TESTLAB-WIN-2\Administrator 11241100x8000000000000000180835Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:33:55.701{F4BF863A-8783-66F2-E6CC-000000001403}5828C:\Users\Administrator\Downloads\10tymonth-main_2\10tymonth-main\python.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 9h33m55s-24-9-2024\firefox\profile1\cookies.sqlite-wal2024-09-24 09:33:55.701TESTLAB-WIN-2\Administrator 11241100x8000000000000000180834Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:33:55.701{F4BF863A-8783-66F2-E6CC-000000001403}5828C:\Users\Administrator\Downloads\10tymonth-main_2\10tymonth-main\python.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 9h33m55s-24-9-2024\firefox\profile1\pass.txt2024-09-24 09:33:55.701TESTLAB-WIN-2\Administrator 11241100x8000000000000000180833Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:33:55.686{F4BF863A-8783-66F2-E6CC-000000001403}5828C:\Users\Administrator\Downloads\10tymonth-main_2\10tymonth-main\python.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 9h33m55s-24-9-2024\firefox\profile1\logins.json2024-09-24 09:33:55.686TESTLAB-WIN-2\Administrator 11241100x8000000000000000180831Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:33:55.686{F4BF863A-8783-66F2-E6CC-000000001403}5828C:\Users\Administrator\Downloads\10tymonth-main_2\10tymonth-main\python.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 9h33m55s-24-9-2024\firefox\profile1\cookies.sqlite2024-09-24 09:33:55.686TESTLAB-WIN-2\Administrator 703604000x8080000000000000158948Systemtestlab-win-2.attackrange.localMicrosoft Passportstopped4E00670063005300760063002F0031000000 4688201331200x8020000000000000538984Securitytestlab-win-2.attackrange.localTESTLAB-WIN-2\AdministratorAdministratorTESTLAB-WIN-20x491440x177cC:\Windows\System32\notepad.exe%%19360xf84"C:\Windows\system32\NOTEPAD.EXE" C:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 14h49m15s-18-9-2024\cookiefb.txtNULL SID--0x0C:\Windows\explorer.exeMandatory Label\High Mandatory Level 154100x8000000000000000180761Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:23:23.612{F4BF863A-850B-66F2-A7CC-000000001403}6012C:\Windows\System32\notepad.exe10.0.14393.4169 (rs1_release.210107-1130)NotepadMicrosoft® Windows® Operating SystemMicrosoft CorporationNOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 14h49m15s-18-9-2024\cookiefb.txtC:\Users\ADMINI~1\AppData\Local\Temp\2\US 13.52.167.115 14h49m15s-18-9-2024\TESTLAB-WIN-2\Administrator{F4BF863A-7C6A-66E9-4491-040000000000}0x491442HighMD5=BA78FCF8CA9D806C6C047357E31748DE,SHA256=34A07759492E31AEC2A009505FE8DFB50242375C4308AD4657B2872F4F75A077,IMPHASH=968239BE2020F1C0DAFFDCDBD49E9C82{F4BF863A-7C6B-66E9-8B00-000000001403}3972C:\Windows\explorer.exeC:\Windows\Explorer.EXETESTLAB-WIN-2\Administrator 703604000x8080000000000000158945Systemtestlab-win-2.attackrange.localMicrosoft Passportrunning4E00670063005300760063002F0034000000 4738001382400x8020000000000000538973Securitytestlab-win-2.attackrange.local-AdministratorTESTLAB-WIN-2TESTLAB-WIN-2\AdministratorTESTLAB-WIN-2\AdministratorAdministratorTESTLAB-WIN-20x49144------------------- 4688201331200x8020000000000000538909Securitytestlab-win-2.attackrange.localNT AUTHORITY\SYSTEMTESTLAB-WIN-2$ATTACKRANGE0x3e70x182cC:\Windows\System32\wlrmdr.exe%%19360x954-s 60000 -f 1 -t Consider changing your password -m Your password expires today. To change your password, press CTRL+ALT+END and then click "Change a password". -a 0TESTLAB-WIN-2\AdministratorAdministratorTESTLAB-WIN-20x49144C:\Windows\System32\winlogon.exeMandatory Label\High Mandatory Level 154100x8000000000000000180731Microsoft-Windows-Sysmon/Operationaltestlab-win-2.attackrange.local-2024-09-24 09:19:26.105{F4BF863A-841E-66F2-7FCC-000000001403}6188C:\Windows\System32\wlrmdr.exe10.0.14393.4169 (rs1_release.210107-1130)Windows logon reminderMicrosoft® Windows® Operating SystemMicrosoft CorporationWLRMNDR.EXE-s 60000 -f 1 -t Consider changing your password -m Your password expires today. To change your password, press CTRL+ALT+END and then click "Change a password". -a 0C:\Windows\system32\TESTLAB-WIN-2\Administrator{F4BF863A-7C6A-66E9-4491-040000000000}0x491442HighMD5=DF9B0FA86DD44537F0764C0B068C32FC,SHA256=E6F559A6A36C042826C9430B2D669A7FA4C3513159DA370B2CC258E13AF37591,IMPHASH=5A2DB772209CDAEB04D5A9F908EF5AD3{F4BF863A-7C68-66E9-7E00-000000001403}2388C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM