154100x800000000000000015957Microsoft-Windows-Sysmon/Operationalwin-dc-bpatel-09140-457.attackrange.local-2022-06-01 19:19:46.325{AB6E2530-BBD2-6297-4901-000000005502}5036C:\Windows\System32\fltMC.exe10.0.14393.0 (rs1_release.160715-1616)Filter Manager Control ProgramMicrosoft® Windows® Operating SystemMicrosoft CorporationfltMC.exefltmc.exe unload SysmonDrvC:\Users\ADMINI~1\AppData\Local\Temp\ATTACKRANGE\Administrator{AB6E2530-BBCF-6297-D2BD-130000000000}0x13bdd20HighMD5=C1FB634109DF6A3E5BB58E09ED31A150,SHA256=AECB882985F84A7531A27CF401BF86DBEC9191FDF6993C1317F35BEB1E32EA94,IMPHASH=AF4889FE31BB80CDC76CC345BD4B5B54{AB6E2530-BBD2-6297-4701-000000005502}4928C:\Windows\System32\cmd.exe"cmd.exe" /c "fltmc.exe unload SysmonDrv" 154100x800000000000000015943Microsoft-Windows-Sysmon/Operationalwin-dc-bpatel-09140-457.attackrange.local-2022-06-01 19:19:46.302{AB6E2530-BBD2-6297-4701-000000005502}4928C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"cmd.exe" /c "fltmc.exe unload SysmonDrv"C:\Users\ADMINI~1\AppData\Local\Temp\ATTACKRANGE\Administrator{AB6E2530-BBCF-6297-D2BD-130000000000}0x13bdd20HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{AB6E2530-BBD0-6297-4201-000000005502}4852C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABJAG0AcABvAHIAdAAtAE0AbwBkAHUAbABlACAAIgBDADoAXABBAHQAbwBtAGkAYwBSAGUAZABUAGUAYQBtAFwAaQBuAHYAbwBrAGUALQBhAHQAbwBtAGkAYwByAGUAZAB0AGUAYQBtAFwASQBuAHYAbwBrAGUALQBBAHQAbwBtAGkAYwBSAGUAZABUAGUAYQBtAC4AcABzAGQAMQAiACAALQBGAG8AcgBjAGUACgBJAG4AdgBvAGsAZQAtAEEAdABvAG0AaQBjAFQAZQBzAHQAIAAiAFQAMQA1ADYAMgAuADAAMAAxACIAIAAtAEMAbwBuAGYAaQByAG0AOgAkAGYAYQBsAHMAZQAgAC0AVABpAG0AZQBvAHUAdABTAGUAYwBvAG4AZABzACAAMwAwADAAIAAtAEUAeABlAGMAdQB0AGkAbwBuAEwAbwBnAFAAYQB0AGgAIABDADoAXABBAHQAbwBtAGkAYwBSAGUAZABUAGUAYQBtAFwAYQB0AGMAXwBlAHgAZQBjAHUAdABpAG8AbgAuAGMAcwB2AA==