154100x8000000000000000362120Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2023-11-10 17:47:01.481{51A89197-6C95-654E-9B03-000000001D00}3188C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.17134.1 (WinBuild.160101.0800)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "& {Set-Location C:\Users\VICTIM\Desktop ; .\test_ads_abuse.txt:not_malware.exe}"C:\Users\VICTIM\Desktop\ATTACKBOX-WIN10\VICTIM{51A89197-3B8D-654E-4B02-020000000000}0x2024b1MediumSHA1=1B3B40FBC889FD4C645CC12C85D0805AC36BA254,MD5=95000560239032BC68B4C2FDFCDEF913,SHA256=D3F8FADE829D2B7BD596C4504A6DAE5C034E789B6A3DEFBE013BDA7D14466677,IMPHASH=741776AACCFC5B71FF59832DCDCACE0F{51A89197-6C3E-654E-8203-000000001D00}4604C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe" "C:\Users\VICTIM\Desktop\test_ads_abuse.ps1"ATTACKBOX-WIN10\VICTIM 154100x8000000000000000361146Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2023-11-10 17:46:53.476{51A89197-6C8D-654E-9803-000000001D00}5204C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.17134.1 (WinBuild.160101.0800)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBUAHkAcABlACAALQBBAHMAcwBlAG0AYgBsAHkATgBhAG0AZQAgAFAAcgBlAHMAZQBuAHQAYQB0AGkAbwBuAEMAbwByAGUALABQAHIAZQBzAGUAbgB0AGEAdABpAG8AbgBGAHIAYQBtAGUAdwBvAHIAawAgADsAIAAkAG0AcwBnAEIAbwBkAHkAIAA9ACAAIgBIAGUAbABsAG8AIABXAG8AcgBsAGQAIgAgADsAIAAkAG0AcwBnAFQAaQB0AGwAZQAgAD0AIAAiAEgAZQBsAGwAbwAgAFcAbwByAGwAZAAiACAAOwAgACQAbQBzAGcAQgB1AHQAdABvAG4AIAA9ACAAJwBPAEsAJwAgADsAIAAkAG0AcwBnAEkAbQBhAGcAZQAgAD0AIAAnAFcAYQByAG4AaQBuAGcAJwAgADsAIAAkAFIAZQBzAHUAbAB0ACAAPQAgAFsAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ATQBlAHMAcwBhAGcAZQBCAG8AeABdADoAOgBTAGgAbwB3ACgAJABtAHMAZwBCAG8AZAB5ACwAJABtAHMAZwBUAGkAdABsAGUALAAkAG0AcwBnAEIAdQB0AHQAbwBuACwAJABtAHMAZwBJAG0AYQBnAGUAKQA=C:\Users\VICTIM\Desktop\ATTACKBOX-WIN10\VICTIM{51A89197-3B8D-654E-4B02-020000000000}0x2024b1MediumSHA1=1B3B40FBC889FD4C645CC12C85D0805AC36BA254,MD5=95000560239032BC68B4C2FDFCDEF913,SHA256=D3F8FADE829D2B7BD596C4504A6DAE5C034E789B6A3DEFBE013BDA7D14466677,IMPHASH=741776AACCFC5B71FF59832DCDCACE0F{51A89197-6C3E-654E-8203-000000001D00}4604C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe" "C:\Users\VICTIM\Desktop\test_ads_abuse.ps1"ATTACKBOX-WIN10\VICTIM 154100x8000000000000000361131Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2023-11-10 17:46:53.443{51A89197-6C8D-654E-9703-000000001D00}7920C:\Users\VICTIM\Desktop\test_ads_abuse.txt:Not_Malware.exe10.0.17134.1 (WinBuild.160101.0800)Windows CalculatorMicrosoft® Windows® Operating SystemMicrosoft CorporationCALC.EXE"C:\Users\VICTIM\Desktop\test_ads_abuse.txt:not_malware.exe"C:\Users\VICTIM\Desktop\ATTACKBOX-WIN10\VICTIM{51A89197-3B8D-654E-4B02-020000000000}0x2024b1MediumSHA1=1A4E2C3BBC095CB7D9B85CABE2AEA2C9A769B480,MD5=AFAF2CDF9981342C494B28630608F74A,SHA256=284674A806BCBE692C76761BAAF21327638DE0C7135BFB06953648BE7D661FBD,IMPHASH=8EEAA9499666119D13B3F44ECD77A729{51A89197-6C3E-654E-8203-000000001D00}4604C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe" "C:\Users\VICTIM\Desktop\test_ads_abuse.ps1"ATTACKBOX-WIN10\VICTIM 154100x8000000000000000361080Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2023-11-10 17:46:53.362{51A89197-6C8D-654E-9603-000000001D00}4724C:\Windows\System32\notepad.exe10.0.17134.1 (WinBuild.160101.0800)NotepadMicrosoft® Windows® Operating SystemMicrosoft CorporationNOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\VICTIM\Desktop\test_ads_abuse.txtC:\Users\VICTIM\Desktop\ATTACKBOX-WIN10\VICTIM{51A89197-3B8D-654E-4B02-020000000000}0x2024b1MediumSHA1=867B54F1BC5B71045A9A00BACA485A24176B202C,MD5=BB9A06B8F2DD9D24C77F389D7B2B58D2,SHA256=899346F9F283A4FD5AA03015A3F58CDE5B9C0B6A5C4D64C2CC74E9B22C1348D7,IMPHASH=A8F8224EB74E94301B59B88492740A75{51A89197-6C3E-654E-8203-000000001D00}4604C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe" "C:\Users\VICTIM\Desktop\test_ads_abuse.ps1"ATTACKBOX-WIN10\VICTIM 15241500x8000000000000000361069Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2023-11-10 17:46:53.296{51A89197-6C3E-654E-8203-000000001D00}4604C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exeC:\Users\VICTIM\Desktop\test_ads_abuse.txt:Not_Malware_Code2023-11-10 17:45:03.865SHA1=1ADD035E5D8E3C4607B2248EC7C4B4C4A43AA28F,MD5=FFB53AD65288DD9C201747CBD3A8B65D,SHA256=0CDF495782A176E3E574BB7A50E8089166AF05367095F8622B09BCC96487D402,IMPHASH=00000000000000000000000000000000QQBkAGQALQBUAHkAcABlACAALQBBAHMAcwBlAG0AYgBsAHkATgBhAG0AZQAgAFAAcgBlAHMAZQBuAHQAYQB0AGkAbwBuAEMAbwByAGUALABQAHIAZQBzAGUAbgB0AGEAdABpAG8AbgBGAHIAYQBtAGUAdwBvAHIAawAgADsAIAAkAG0AcwBnAEIAbwBkAHkAIAA9ACAAIgBIAGUAbABsAG8AIABXAG8AcgBsAGQAIgAgADsAIAAkAG0AcwBnAFQAaQB0AGwAZQAgAD0AIAAiAEgAZQBsAGwAbwAgAFcAbwByAGwAZAAiACAAOwAgACQAbQBzAGcAQgB1AHQAdABvAG4AIAA9ACAAJwBPAEsAJwAgADsAIAAkAG0AcwBnAEkAbQBhAGcAZQAgAD0AIAAnAFcAYQByAG4AaQBuAGcAJwAgADsAIAAkAFIAZQBzAHUAbAB0ACAAPQAgAFsAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ATQBlAHMAcwBhAGcAZQBCAG8AeABdADoAOgBTAGgAbwB3ACgAJABtAHMAZwBCAG8AZAB5ACwAJABtAHMAZwBUAGkAdABsAGUALAAkAG0AcwBnAEIAdQB0AHQAbwBuACwAJABtAHMAZwBJAG0AYQBnAGUAKQA= ATTACKBOX-WIN10\VICTIM 15241500x8000000000000000361068Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2023-11-10 17:46:53.280{51A89197-6C3E-654E-8203-000000001D00}4604C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exeC:\Users\VICTIM\Desktop\test_ads_abuse.txt2023-11-10 17:45:03.865SHA1=4F10E409DD3C6A1C72F6B20612B5A7BF71102306,MD5=57DC15092968F4B1EA94371D5D16E48C,SHA256=112C85D53DC158A1F8A586F1E7CCCB9E68FA3D6576F086E8005DE903F6848242,IMPHASH=00000000000000000000000000000000Not empty ATTACKBOX-WIN10\VICTIM 15241500x8000000000000000361067Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2023-11-10 17:46:53.280{51A89197-6C3E-654E-8203-000000001D00}4604C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exeC:\Users\VICTIM\Desktop\test_ads_abuse.txt:Not_Malware_Code2023-11-10 17:45:03.865Unknown-ATTACKBOX-WIN10\VICTIM 15241500x8000000000000000361065Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2023-11-10 17:46:53.280{51A89197-6C3E-654E-8203-000000001D00}4604C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exeC:\Users\VICTIM\Desktop\test_ads_abuse.txt2023-11-10 17:45:03.865SHA1=4F10E409DD3C6A1C72F6B20612B5A7BF71102306,MD5=57DC15092968F4B1EA94371D5D16E48C,SHA256=112C85D53DC158A1F8A586F1E7CCCB9E68FA3D6576F086E8005DE903F6848242,IMPHASH=00000000000000000000000000000000Not empty ATTACKBOX-WIN10\VICTIM 15241500x8000000000000000361045Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2023-11-10 17:46:53.155{51A89197-6C3E-654E-8203-000000001D00}4604C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exeC:\Users\VICTIM\Desktop\test_ads_abuse.txt:Not_Malware.exe2023-11-10 17:45:03.865SHA1=1A4E2C3BBC095CB7D9B85CABE2AEA2C9A769B480,MD5=AFAF2CDF9981342C494B28630608F74A,SHA256=284674A806BCBE692C76761BAAF21327638DE0C7135BFB06953648BE7D661FBD,IMPHASH=8EEAA9499666119D13B3F44ECD77A729-ATTACKBOX-WIN10\VICTIM 15241500x8000000000000000360975Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2023-11-10 17:46:51.421{51A89197-6C3E-654E-8203-000000001D00}4604C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exeC:\Users\VICTIM\Desktop\test_ads_abuse.txt2023-11-10 17:45:03.865SHA1=4F10E409DD3C6A1C72F6B20612B5A7BF71102306,MD5=57DC15092968F4B1EA94371D5D16E48C,SHA256=112C85D53DC158A1F8A586F1E7CCCB9E68FA3D6576F086E8005DE903F6848242,IMPHASH=00000000000000000000000000000000Not empty ATTACKBOX-WIN10\VICTIM 15241500x8000000000000000360974Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2023-11-10 17:46:51.405{51A89197-6C3E-654E-8203-000000001D00}4604C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exeC:\Users\VICTIM\Desktop\test_ads_abuse.txt:Not_Malware.exe2023-11-10 17:45:03.865Unknown-ATTACKBOX-WIN10\VICTIM 15241500x8000000000000000360972Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2023-11-10 17:46:51.405{51A89197-6C3E-654E-8203-000000001D00}4604C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exeC:\Users\VICTIM\Desktop\test_ads_abuse.txt2023-11-10 17:45:03.865SHA1=4F10E409DD3C6A1C72F6B20612B5A7BF71102306,MD5=57DC15092968F4B1EA94371D5D16E48C,SHA256=112C85D53DC158A1F8A586F1E7CCCB9E68FA3D6576F086E8005DE903F6848242,IMPHASH=00000000000000000000000000000000Not empty ATTACKBOX-WIN10\VICTIM 154100x8000000000000000357234Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2023-11-10 17:45:34.534{51A89197-6C3E-654E-8203-000000001D00}4604C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe10.0.17134.81 (WinBuild.160101.0800)Windows PowerShell ISEMicrosoft® Windows® Operating SystemMicrosoft Corporationpowershell_ise.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe" "C:\Users\VICTIM\Desktop\test_ads_abuse.ps1"C:\Users\VICTIM\Desktop\ATTACKBOX-WIN10\VICTIM{51A89197-3B8D-654E-4B02-020000000000}0x2024b1MediumSHA1=82F1D9C4D5F46A575C5580D64C84297F9FBBDD0D,MD5=F84E7C82E76FF38D395D4F95B4FEA3FE,SHA256=54FAE2D27426F0A19F0E0B0289D4725E363A6D1078A2DF501260870FA8D47DDE,IMPHASH=00000000000000000000000000000000{51A89197-3B96-654E-5D00-000000001D00}4372C:\Windows\explorer.exeC:\Windows\Explorer.EXEATTACKBOX-WIN10\VICTIM