154100x8000000000000000239893Microsoft-Windows-Sysmon/Operationalar-win.nas.domain-2024-12-04 11:32:15.786{38b9f94a-3dbf-6750-8a04-000000002f03}192C:\Windows\System32\sc.exe10.0.17763.1 (WinBuild.160101.0800)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exesc sdset AtomicService "D:(D;;DCLCWPDTSD;;;IU)(D;;DCLCWPDTSD;;;SU)(D;;DCLCWPDTSD;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"C:\Users\ADMINI~1\AppData\Local\Temp\NAS\Administrator{38b9f94a-211d-6750-1a05-060000000000}0x6051a2HighMD5=ABB56882148DE65D53ABFC55544A49A8,SHA256=78097C7CD0E57902536C60B7FA17528C313DB20869E5F944223A0BA4C801D39B,IMPHASH=35A7FFDE18D444A92D32C8B2879450FF{38b9f94a-3dbf-6750-8704-000000002f03}2992C:\Windows\System32\cmd.exe"cmd.exe" /c sc.exe create AtomicService binPath= "C:\Windows\System32\calc.exe" & sc sdset AtomicService "D:(D;;DCLCWPDTSD;;;IU)(D;;DCLCWPDTSD;;;SU)(D;;DCLCWPDTSD;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"NAS\Administrator 154100x8000000000000000239890Microsoft-Windows-Sysmon/Operationalar-win.nas.domain-2024-12-04 11:32:15.671{38b9f94a-3dbf-6750-8904-000000002f03}3728C:\Windows\System32\sc.exe10.0.17763.1 (WinBuild.160101.0800)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exesc.exe create AtomicService binPath= "C:\Windows\System32\calc.exe" C:\Users\ADMINI~1\AppData\Local\Temp\NAS\Administrator{38b9f94a-211d-6750-1a05-060000000000}0x6051a2HighMD5=ABB56882148DE65D53ABFC55544A49A8,SHA256=78097C7CD0E57902536C60B7FA17528C313DB20869E5F944223A0BA4C801D39B,IMPHASH=35A7FFDE18D444A92D32C8B2879450FF{38b9f94a-3dbf-6750-8704-000000002f03}2992C:\Windows\System32\cmd.exe"cmd.exe" /c sc.exe create AtomicService binPath= "C:\Windows\System32\calc.exe" & sc sdset AtomicService "D:(D;;DCLCWPDTSD;;;IU)(D;;DCLCWPDTSD;;;SU)(D;;DCLCWPDTSD;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"NAS\Administrator 154100x8000000000000000239889Microsoft-Windows-Sysmon/Operationalar-win.nas.domain-2024-12-04 11:32:15.391{38b9f94a-3dbf-6750-8704-000000002f03}2992C:\Windows\System32\cmd.exe10.0.17763.1697 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"cmd.exe" /c sc.exe create AtomicService binPath= "C:\Windows\System32\calc.exe" & sc sdset AtomicService "D:(D;;DCLCWPDTSD;;;IU)(D;;DCLCWPDTSD;;;SU)(D;;DCLCWPDTSD;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"C:\Users\ADMINI~1\AppData\Local\Temp\NAS\Administrator{38b9f94a-211d-6750-1a05-060000000000}0x6051a2HighMD5=911D039E71583A07320B32BDE22F8E22,SHA256=BC866CFCDDA37E24DC2634DC282C7A0E6F55209DA17A8FA105B07414C0E7C527,IMPHASH=272245E2988E1E430500B852C4FB5E18{38b9f94a-21e2-6750-1e01-000000002f03}4272C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" NAS\Administrator